Session Hijacking
PHP Session Security
2025-03-15
12
Again,
session_start()
isn't enough.
Don't use IP address for identification!
Assume the session identifier is captured.
Complicate impersonation.