Team LiB

Summary

In this chapter you have been exposed to every feature that PHP's session capabilities have to offer. Session support is the foundation of any e-commerce site, and mastering it is critical to your success as a PHP developer. You should now be well on your way to developing session-enabled PHP scripts.

As is almost always the case, with great power and flexibility comes great responsibility. Although sessions are a thousand times more secure than attempting to store sensitive information on a client machine, they are by no means perfect. A malicious user could use a number of methods to hijack a visitor's session. In fact, in the end, there will never be a foolproof method of securing such an inherently insecure protocol as HTTP. As a developer, you must always be aware of these security consequences and always question the possible significance of a malicious user successfully hijacking another user's session. For a bank, this is a serious concern because the malicious user could then transfer another person's money into his or her account. However, for your basic message forum, the possibility that one user could send a message to the forum as another user is not nearly as significant.
