PerlMonks
The "session_secret" isn't buying you a thing. Think about the attack vectors. If someone has the session_id, they also have the session_secret, since they got it by sniffing. If someone can guess your session_id, you didn't use a strong enough ID. Just put more bits into one value: no need to separate it into two values.
Simplify your life. Just use a session_id. That's enough.

-- Randal L. Schwartz, Perl hacker
In reply to •Re^3: Is this a secure way to prevent cookie tampering
by merlyn
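
A sketch of the single-value approach the post recommends, as an added example that is not part of the original post or its author's code: all of the entropy goes into one 128-bit ID drawn from the kernel CSPRNG, and everything else stays server-side. The names `random_hex`, `new_session`, `lookup_session` and the in-memory `%SESSIONS` store are assumptions made for illustration, and the code assumes a Unix-like host with `/dev/urandom`.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Added example: one opaque session ID carries all the entropy.
# %SESSIONS is a hypothetical stand-in for a real server-side store
# (database, memcached, ...).
my %SESSIONS;    # session_id => { user => ..., expires => ... }

# Return $nbytes from the kernel CSPRNG, hex-encoded.
sub random_hex {
    my ($nbytes) = @_;
    open my $fh, '<:raw', '/dev/urandom' or die "open /dev/urandom: $!";
    my $got = read $fh, my $buf, $nbytes;
    close $fh;
    die "short read from /dev/urandom"
        unless defined $got && $got == $nbytes;
    return unpack 'H*', $buf;
}

# Create a session. 16 bytes = 128 bits in a single value; if that ever
# feels too small, raise the byte count instead of adding a second cookie.
sub new_session {
    my ($user, $ttl) = @_;
    my $id = random_hex(16);
    $SESSIONS{$id} = { user => $user, expires => time + $ttl };
    return $id;    # the only value that goes into the cookie
}

# Resolve a cookie value. Malformed, unknown and expired IDs all
# return nothing, so the caller treats them identically.
sub lookup_session {
    my ($id) = @_;
    return unless defined $id && $id =~ /\A[0-9a-f]{32}\z/;
    my $s = $SESSIONS{$id} or return;
    if ($s->{expires} <= time) {
        delete $SESSIONS{$id};
        return;
    }
    return $s;
}

my $cookie = new_session('alice', 3600);    # constructed sample user
print "cookie value: $cookie\n";
print "valid lookup: ", (lookup_session($cookie)   ? "ok" : "rejected"), "\n";
print "guessed id:   ", (lookup_session('0' x 32)  ? "ok" : "rejected"), "\n";
```

Sending the cookie only over TLS with the `Secure` and `HttpOnly` attributes addresses the sniffing case the post mentions, which no second cookie value can.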