Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Rename session cookie to something else, than PHPSESSID

Tags:

php

html5boilerplate

I am reading through the suggested php.ini changes from https://github.com/h5bp/html5-boilerplate/blob/master/.htaccess

One of the suggestions is:

# Rename session cookie to something else, than PHPSESSID
php_value session.name sid

I am interested to know how this could effect my current websites and how this would improve security?

like image 988
John Magnolia Avatar asked Dec 20 '25 05:12

John Magnolia

2 Answers

By changing the name, the only security improvement you will have is that you will no longer expose that you are using PHP via the cookie name.

If you change this value, the only side effect on your website is that all the currently logged-in users will became logged-out.

Plus, you can use a fun name, like we_are_hiring_ninjas!

like image 111
Damien Avatar answered Dec 22 '25 20:12

Damien

The name of the session cookie can be changed from the php.ini file and also from the host definition on Apache config.

Take a look there.

All the best.

like image 23
devanand Avatar answered Dec 22 '25 20:12

devanand
Sign in to Comment

Related questions

To copy the selected Text from a div to a text field on double click the Text
How do you rename a tag in SimpleXML through a DOM object?
Apache Velocity with PHP
How to split up a message longer than 160 chars into multiple messages for sending SMS (PHP)
How to Upload Inline-Images using Graph API Batch Request?
Codeigniter inserts empty value, default value of table field in MySQL is ignored
How do I use Drools with a PHP application?
Why does this header location redirect work after content has already been echoed?
AS or not to AS, queries
Adding a second title to a Custom Post in WordPress?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!