Subject: | The code lacks comments It doesn't... |
Summary: | Package rating comment |
Messages: | 2 |
Author: | Colin McKinnon |
Date: | 2010-06-23 09:08:50 |
Update: | 2010-06-24 05:16:35 |
|
|
|
Colin McKinnon rated this package as follows:
Utility: | Insufficient |
Consistency: | Insufficient |
Examples: | Sufficient |
|
Colin McKinnon - 2010-06-23 09:08:50
The code lacks comments
It doesn't appear to do much to enhance the security - it doesn't deal with non-SSL authentication, sessions can still be detected by any program running on the webserver. The encryption appears to serve no purpose - the key needs to be set when the mcryptCryptography object exists - but it's only ever called statically. There is code to deal with session-fixation but it's never explained.
It forces use of a file based session handler rather acting as a decorator around the session handler chosen by the user.
Bijaya Kumar Behera - 2010-06-24 05:16:35 - In reply to message 1 from Colin McKinnon
Thanks Colin, i will focus to add comments. in Next version i will add user handler session .
|