I’m wondering whether for security purposes it would be worth using the session_name() function to rename the default phpsessid to a hashed or encrypted id?
If so, what would be the best way to implement it?
Thanks,
There’s a lot written about this on the web, and in previous questions I’ve read on StackExchange. Encrypting your session_id just creates another random number that is as easy to hijack as the original random number.
If you think about it, if you encrypt a session you will either reassign session_id to the new number (in which case you have achieved nothing) or you will use encryption / decryption functions in your script.
If you use the latter method, and someone gets hold of another user’s encrypted Session ID, it will be decrypted by your script and access will still be granted.
In short, there is very little point and no real utility in further encrypting your session_id above and beyond the random number it is assigned.
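The second case described in the answer above (encrypting and decrypting the ID inside the script), sketched in PHP as an added example that is not part of the original answer. The names `issueSession` and `resolveSession`, the in-memory `$sessionStore`, and the choice of libsodium's secretbox as the cipher are assumptions made for illustration.

```php
<?php
// Added illustration, not code from the answer. All names are hypothetical.
// Server-side session store: raw session ID -> session data (constructed sample).
$sessionStore = [];
$key = sodium_crypto_secretbox_keygen(); // secret known only to the server

// Create a session and return the "encrypted session ID" that would be
// sent to the browser as the cookie value.
function issueSession(array &$store, string $key, string $user): string
{
    $rawId = bin2hex(random_bytes(16)); // stands in for PHP's random session ID
    $store[$rawId] = ['user' => $user];
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    return base64_encode($nonce . sodium_crypto_secretbox($rawId, $nonce, $key));
}

// Resolve whatever cookie value a request presents. Nothing here can tell
// which client is presenting the value; it only decrypts and looks up.
function resolveSession(array $store, string $key, string $cookie): ?array
{
    $bin = base64_decode($cookie, true);
    if ($bin === false || strlen($bin) <= SODIUM_CRYPTO_SECRETBOX_NONCEBYTES) {
        return null;
    }
    $nonce = substr($bin, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $box   = substr($bin, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $rawId = sodium_crypto_secretbox_open($box, $nonce, $key);
    if ($rawId === false) {
        return null; // value was modified or never issued by this server
    }
    return $store[$rawId] ?? null;
}

$cookie = issueSession($sessionStore, $key, 'alice');

// Request 1: the legitimate browser presents its cookie.
var_dump(resolveSession($sessionStore, $key, $cookie));

// Request 2: a different client presents the same bytes. The script decrypts
// them exactly as before and resolves the same session.
var_dump(resolveSession($sessionStore, $key, $cookie));

// Only a modified value is rejected, which protects against guessing or
// forging an ID, not against reuse of a valid one.
$tampered = $cookie;
$tampered[10] = ($tampered[10] === 'A') ? 'B' : 'A';
var_dump(resolveSession($sessionStore, $key, $tampered));
```

The encrypted value is itself the bearer token, so the encryption layer changes what the cookie looks like but not who can use it.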