Apache (PHP ?) default session handling is not reliable. So this is why we have to better implement your-own time-out mechanism.
http://stackoverflow.com/questions/520237/how-do-i-expire-a-php-session-after-30-minutes/1270960#1270960
http://stackoverflow.com/questions/1516266/how-long-will-my-session-last
Session best practice in security https://martinfowler.com/articles/web-security-basics.html#ProtectUserSessions
Update later...
http://security.stackexchange.com/questions/18880/do-you-need-to-encrypt-session-data
http://stackoverflow.com/questions/6185135/session-survives-browser-close-should-i-want-to-prevent-this
http://stackoverflow.com/questions/520237/how-do-i-expire-a-php-session-after-30-minutes/1270960#1270960
http://stackoverflow.com/questions/1516266/how-long-will-my-session-last
Session best practice in security https://martinfowler.com/articles/web-security-basics.html#ProtectUserSessions
Update later...
http://security.stackexchange.com/questions/18880/do-you-need-to-encrypt-session-data
http://stackoverflow.com/questions/6185135/session-survives-browser-close-should-i-want-to-prevent-this
Comments
Post a Comment