Comments on: PHP session fixation attacks http://www.webdigi.co.uk/blog/2009/php-session-fixation-attacks/ Little words of wisdom Sat, 04 Sep 2010 23:02:27 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: Kefapalge http://www.webdigi.co.uk/blog/2009/php-session-fixation-attacks/comment-page-1/#comment-7509 Kefapalge Fri, 02 Oct 2009 01:40:42 +0000 http://www.webdigi.co.uk/blog/?p=6#comment-7509 Thanks for the pointer. This is usually missed out by developers. Thanks for the pointer. This is usually missed out by developers.

]]> By: alex http://www.webdigi.co.uk/blog/2009/php-session-fixation-attacks/comment-page-1/#comment-6941 alex Tue, 15 Sep 2009 00:55:32 +0000 http://www.webdigi.co.uk/blog/?p=6#comment-6941 Useful tip. Another useful tip (in addition) is to check the $_SERVER['HTTP_USER_AGENT'] string, and if it's changed between requests, you may as well regenerate the id again. Useful tip.

Another useful tip (in addition) is to check the $_SERVER['HTTP_USER_AGENT'] string, and if it’s changed between requests, you may as well regenerate the id again.

]]>