danutz0501
Posted June 25, 2012

Hi, I have a question too. How can I protect sessions and guard against CSRF?

```php
/**
 * session settings - use cookies, httponly, no GET or POST
 */
ini_set('session.use_trans_sid', 0);
ini_set('session.cookie_secure', 1);
ini_set('session.cookie_httponly', 1);
ini_set('session.use_only_cookies', 1);
/**
 * start sessions
 * check whether they are set server side
 */
session_start();
if (!isset($_SESSION['SERVER_GENERATED_SID'])) {
    session_destroy();
}
session_regenerate_id();
$_SESSION['SERVER_GENERATED_SID'] = true;
```

For now I use the settings above, and for CSRF an md5(uniqueid()). Is what I'm doing good, or does it amount to zero, meaning zero protection? Is there room for improvement?
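Added example, not part of the original post and not written by its author: one way to generate and verify a per-session CSRF token in PHP with random_bytes() and hash_equals(), alongside the post's cookie settings. The helper names csrf_token() and csrf_check(), the form field name and the use of session.use_strict_mode are assumptions of this example.

```php
<?php
// Added example; csrf_token() and csrf_check() are hypothetical helper names.

// Cookie-only, HTTPS-only, HttpOnly session cookie, as in the post.
ini_set('session.use_trans_sid', '0');
ini_set('session.use_only_cookies', '1');
ini_set('session.cookie_secure', '1');
ini_set('session.cookie_httponly', '1');
// Reject session IDs the server did not issue (PHP 5.5.2+).
ini_set('session.use_strict_mode', '1');
session_start();

/** Return this session's CSRF token, creating it on first use. */
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        // 32 bytes from the OS CSPRNG (PHP 7+), hex-encoded for use in HTML.
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

/** Compare a submitted token with the session's token in constant time. */
function csrf_check($submitted): bool
{
    $expected = $_SESSION['csrf_token'] ?? '';
    return is_string($submitted) && $expected !== ''
        && hash_equals($expected, $submitted);
}

// Verify the token before handling any state-changing request.
if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST') {
    if (!csrf_check($_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        exit('Invalid CSRF token');
    }
    // ... perform the requested change here ...
}
?>
<form method="post">
    <input type="hidden" name="csrf_token"
           value="<?= htmlspecialchars(csrf_token(), ENT_QUOTES) ?>">
    <button type="submit">Save</button>
</form>
```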