What's wrong with this PHP session ID from URL?

What's wrong with this PHP session ID from the URL in a login flow? The PHP code accepts the session ID from a query parameter. In PHP apps this enables session fixation attacks.


https://www.youtube.com/watch?v=cvqzDpM53Vw


Why are these PHP tokens predictable?

Why are these PHP tokens predictable in production? The PHP code uses uniqid for session tokens, which is based on time and can be guessed. In PHP auth systems this enables session hijacking.


https://www.youtube.com/watch?v=EZQhzNYJgRs
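
An added example, not code from the videos or posts above: a hardened counterpart to the two patterns they describe (session ID taken from a query parameter, `uniqid` used for tokens). The function names `newToken`, `uniqidCreatedAt` and `completeLogin` are hypothetical, and the cookie settings assume the site is served over HTTPS.

```php
<?php
declare(strict_types=1);

// Weak patterns described in the posts, shown only as comments:
//   session_id($_GET['sid']); session_start();   // client chooses the session ID
//   $token = uniqid();                           // token derived from the clock

// Session settings, applied before session_start().
ini_set('session.use_only_cookies', '1'); // never read the session ID from the URL
ini_set('session.use_trans_sid', '0');    // never append the session ID to links
ini_set('session.use_strict_mode', '1');  // reject IDs this server did not issue
session_set_cookie_params([
    'httponly' => true,
    'secure'   => true,   // assumption: HTTPS deployment
    'samesite' => 'Lax',
]);

/** Token from the OS CSPRNG: 32 bytes = 256 bits, hex encoded. */
function newToken(int $bytes = 32): string
{
    return bin2hex(random_bytes($bytes));
}

/**
 * uniqid() with no prefix is 8 hex digits of seconds followed by 5 hex
 * digits of microseconds, so the value decodes straight back to its
 * creation time. That is why it carries no secrecy.
 */
function uniqidCreatedAt(string $id): float
{
    return hexdec(substr($id, 0, 8)) + hexdec(substr($id, 8, 5)) / 1e6;
}

/** Call after credentials are verified: issue a fresh session ID. */
function completeLogin(int $userId): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    session_regenerate_id(true);      // new ID at login; old session data deleted
    $_SESSION['user_id'] = $userId;
    $_SESSION['csrf']    = newToken();
}

// Command-line demonstration of the token difference (constructed sample values).
if (PHP_SAPI === 'cli') {
    $weak = uniqid();
    printf("uniqid():     %s  created at %s\n", $weak, date('c', (int) uniqidCreatedAt($weak)));
    printf("random_bytes: %s\n", newToken());
}
```

Run from the command line, the script prints a `uniqid` value next to the timestamp recovered from it; `completeLogin` is meant to be called from a web request once the password check has passed.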
