PHPBuilder - PHP Session IDs Are Guessable




PHP Session IDs Are Guessable

by: PHPBuilder Staff | April 1, 2010

PHP session IDs are supposed to be random and impossible for a hacker to guess, but that's not the case, says security expert Andreas Bogk.

Bogk "warns that, despite recent PHP improvements, the session IDs of users who are logged into PHP applications remain guessable," The H reported.

The problem is that PHP developers are seeding their random generator with a call to the "gettimeofday" function.
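Why a clock-derived seed makes IDs guessable, as an added example that is not code from the article, from Bogk, or from PHP itself: the toy generator, the XOR seed mixing, and the names weak_session_id, seeds_to_search and strong_session_id are all assumptions made for illustration. It contrasts an ID that depends only on a gettimeofday reading with one drawn from the operating system's CSPRNG.

```c
#include <stdint.h>
#include <stdio.h>
#include <sys/time.h>

/* Toy 32-bit LCG (constructed stand-in, NOT PHP's generator). */
static uint32_t lcg_next(uint32_t *state) {
    *state = *state * 1664525u + 1013904223u;
    return *state;
}

/* Weak: the ID depends only on the clock reading used as the seed.
 * Mixing sec and usec with XOR is an assumption of this sketch. */
uint32_t weak_session_id(uint32_t sec, uint32_t usec) {
    uint32_t state = sec ^ usec;
    lcg_next(&state);
    return lcg_next(&state);
}

/* Seed-space audit: once the second of issue is known, only the
 * microsecond field (1,000,000 values) is left. Returns how many
 * candidates were tried before the ID was reproduced, or -1. */
long seeds_to_search(uint32_t sec, uint32_t observed_id) {
    for (uint32_t usec = 0; usec < 1000000u; usec++)
        if (weak_session_id(sec, usec) == observed_id)
            return (long)usec + 1;
    return -1;
}

/* Hardened: 128 bits from the OS CSPRNG, independent of the clock. */
int strong_session_id(unsigned char out[16]) {
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL) return -1;
    size_t got = fread(out, 1, 16, f);
    fclose(f);
    return got == 16 ? 0 : -1;
}

int main(void) {
    struct timeval tv;
    unsigned char id[16];
    gettimeofday(&tv, NULL);
    uint32_t weak = weak_session_id((uint32_t)tv.tv_sec, (uint32_t)tv.tv_usec);
    printf("weak id %08x reproduced after %ld of at most 1000000 guesses\n",
           (unsigned)weak, seeds_to_search((uint32_t)tv.tv_sec, weak));
    printf("strong id generated: %d\n", strong_session_id(id) == 0);
    return 0;
}
```

The weak ID carries at most about 20 bits of uncertainty per known second, whatever its printed length; the hardened one carries 128 bits that no clock value helps reproduce.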

Read the whole story: http://www.developer.com/daily_news/article.php/396686/PHP-Session-IDs-Are-Guessable.htm
