Let's just consider the trust that the server has with the user.

Session fixation: To avoid the fixation I use "session_regenerate_id()" ONLY in authentication (login.php).

Session sidejacking: SSL encryption for the entire site.

Am I safe?
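As an added example (not part of the original post): the login-time ID regeneration and HTTPS-only session cookie that the question describes, in PHP. The user store and the names `start_secure_session()` and `login()` are hypothetical, and the strict-mode, cookie-only, HttpOnly and SameSite settings go beyond what the question mentions.

```php
<?php
declare(strict_types=1);

// Constructed sample user store (assumption; a real site would query its database).
$users = ['alice' => password_hash('correct horse', PASSWORD_DEFAULT)];

function start_secure_session(): void
{
    // Reject session IDs the server did not issue itself.
    ini_set('session.use_strict_mode', '1');
    // Never accept a session ID from the URL.
    ini_set('session.use_only_cookies', '1');
    session_set_cookie_params([
        'secure'   => true,   // cookie is sent over HTTPS only
        'httponly' => true,   // cookie is not readable from JavaScript
        'samesite' => 'Lax',
        'path'     => '/',
    ]);
    session_start();
}

function login(array $users, string $name, string $password): bool
{
    if (!isset($users[$name]) || !password_verify($password, $users[$name])) {
        return false;
    }
    // The privilege level changes here: issue a new ID and delete the old
    // session data, so an ID fixed before login no longer maps to a session.
    session_regenerate_id(true);
    $_SESSION['user'] = $name;
    return true;
}

start_secure_session();
$before = session_id();
$ok = login($users, 'alice', 'correct horse');
// Show the login result and whether the session ID changed across the login.
var_dump($ok, $before !== session_id());
```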


Accepted Answer

The content is written by members of the stackoverflow.com community.
It is licensed under cc-wiki