session Archives - Cloud Insidr

Cloud Insidr 2017-02-20

Maximize your PHP session security by fixing errors and closing the session adoption vulnerability that allows session fixation attacks

When the server can’t write to the session data directory, if will use /var/cache/nginx/fastcgi_temp/ and complain in the error log. You don’t want any of these errors, but a setting considered insecure will not even be reported as such. Here is how to bolster your PHP 7 session security with NGINX and php-fpm.

[Read more…]

Cloud Insidr 2015-11-25

How to Fix PHP Session Errors while Respecting Security with Correct Permissions

Have you ever seen one of these weird redirects? WordPress, for example, may refuse to show the log-in page, leaving you out of its admin interface for good. Here is what to do about it.

[Read more…]