<h1>Background</h1>
I've been a php developer for several years but mostly using a open source CMS such as wordpress or drupal. Both of these manage sessions in their own way and for the most part I never paid attention to them. Now I am building a custom website without using these cms's which means I need to manage the session myself. As this has lots of security implications I wanted more information about it. I understand security threats affecting form building and url's and general input but very little about session threats.
I noticed in my chrome inspector that my session cookie was named "PHPSESSIONID". This is of course kind of gross. So I found I could change it using either
setting
or change it in the code using some value such as
<h1>The question.</h1>
<strong>What should I be setting this session name too?</strong> Is there a web standard for this? I did search for one and found nothing maybe I have the wrong key-words.
<strong>What are the security implications of setting this name?</strong> Should I include some specific variable in the name or not include a variable due to some possible conflicts. I'm really starting from scratch on the security side here so any info helps.
I've been a php developer for several years but mostly using a open source CMS such as wordpress or drupal. Both of these manage sessions in their own way and for the most part I never paid attention to them. Now I am building a custom website without using these cms's which means I need to manage the session myself. As this has lots of security implications I wanted more information about it. I understand security threats affecting form building and url's and general input but very little about session threats.
I noticed in my chrome inspector that my session cookie was named "PHPSESSIONID". This is of course kind of gross. So I found I could change it using either
Code:
php.ini
Code:
session.name = "mysitename"
Code:
session_name('mysite_' . $some_value);<strong>What should I be setting this session name too?</strong> Is there a web standard for this? I did search for one and found nothing maybe I have the wrong key-words.
<strong>What are the security implications of setting this name?</strong> Should I include some specific variable in the name or not include a variable due to some possible conflicts. I'm really starting from scratch on the security side here so any info helps.