PHP Classes

The code lacks comments It doesn't appear to do much to enha...

Recommend this page to a friend!

      Secure Session Management  >  All threads  >  The code lacks comments It doesn't...  >  (Un) Subscribe thread alerts  
Subject:The code lacks comments It doesn't...
Summary:Package rating comment
Messages:2
Author:Colin McKinnon
Date:2010-06-23 09:08:50
Update:2010-06-24 05:16:35
 

Colin McKinnon rated this package as follows:

Utility: Insufficient
Consistency: Insufficient
Examples: Sufficient

  1. The code lacks comments It doesn't...   Reply   Report abuse  
Picture of Colin McKinnon Colin McKinnon - 2010-06-23 09:08:50
The code lacks comments

It doesn't appear to do much to enhance the security - it doesn't deal with non-SSL authentication, sessions can still be detected by any program running on the webserver. The encryption appears to serve no purpose - the key needs to be set when the mcryptCryptography object exists - but it's only ever called statically. There is code to deal with session-fixation but it's never explained.

It forces use of a file based session handler rather acting as a decorator around the session handler chosen by the user.

  2. Re: The code lacks comments It doesn't...   Reply   Report abuse  
Picture of Bijaya Kumar  Behera Bijaya Kumar Behera - 2010-06-24 05:16:35 - In reply to message 1 from Colin McKinnon
Thanks Colin, i will focus to add comments. in Next version i will add user handler session .