SessionBox – Log in with multiple accounts to any website

For some online services such as Twitter and Facebook I have more than one account, be it accounts for my company, an alter ego, my children, etc. To easily switch between these accounts – without logging out, back in, and doing the 2FA dance – I rely on a Chrome extension named SessionBox which allows …

PHP Session Locking: How to Prevent Blocking Requests

Today I learned about “PHP Session Locking”: PHP writes its session data to a file by default. When a request is made to a PHP script that starts the session (session_start()), this session file is locked. What this means is that if your web page makes numerous requests to PHP scripts, for instance, for loading …

Securing Sessions in PHP

I set out to combine all the best practice I could find into a single Session handler, to help protect against the common attack vectors. Since PHP 5.4, you are able to set the Session handler based on a class instance that extends the default SessionHandler class. Make the session cookie only available over HTTP, …