Does Yii implement any security to prevent session hijacking? Some of the basic stuff would be:
Regenerate session id every once in a while
Session expiration (not just relying on the session cookie)
Checking whether user agent is still the same etc.
Anyone done this before in Yii?
So if I wanted to make my own session security in Yii, where would be the best place to do this?
'components' => array(
    'session' => array(
        'cookieParams' => array(
            'httponly' => TRUE,
        ),
    ),
),
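Added example (not part of the thread and not Yii's own code): one way to cover the three measures listed in the question (periodic ID regeneration, server-side expiry, user-agent check) by overriding the session component. It assumes Yii 1.1; the class name `HardenedHttpSession`, its public properties and the `__`-prefixed session keys are hypothetical.

```php
<?php
// Added example, assuming Yii 1.1. Register it in the application config with
// 'session' => array('class' => 'HardenedHttpSession', ...).
// Class name, properties and "__" session keys are hypothetical.
class HardenedHttpSession extends CHttpSession
{
    public $regenerateInterval = 300;  // seconds between session ID rotations
    public $idleTimeout = 1800;        // seconds of inactivity allowed
    public $absoluteTimeout = 28800;   // maximum session lifetime in seconds

    public function open()
    {
        parent::open();
        if (!$this->getIsStarted()) {
            return; // session could not be started; nothing to validate
        }
        $now = time();
        $ua = hash('sha256', (string) Yii::app()->request->userAgent);

        if (!isset($_SESSION['__created'])) {
            $this->stamp($now, $ua); // new session: record the baseline
            return;
        }

        // Expiry is enforced server-side, independent of the cookie lifetime.
        $expired = $now - $_SESSION['__lastSeen'] > $this->idleTimeout
            || $now - $_SESSION['__created'] > $this->absoluteTimeout;
        $uaChanged = $_SESSION['__ua'] !== $ua;

        if ($expired || $uaChanged) {
            // Drop all server-side data and continue under a fresh ID.
            $_SESSION = array();
            $this->regenerateID(true);
            $this->stamp($now, $ua);
            return;
        }

        $_SESSION['__lastSeen'] = $now;
        if ($now - $_SESSION['__rotated'] > $this->regenerateInterval) {
            $this->regenerateID(true); // true = delete the old session data
            $_SESSION['__rotated'] = $now;
        }
    }

    private function stamp($now, $ua)
    {
        $_SESSION['__created'] = $_SESSION['__lastSeen'] = $_SESSION['__rotated'] = $now;
        $_SESSION['__ua'] = $ua;
    }
}
```

The user-agent comparison only catches careless reuse of a stolen ID, since the header is client-controlled; the expiry and rotation checks carry most of the weight.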
Is it more secure to use a cookie or the session to store user/admin roles to check on every page?
For the moment I use sessions, where I store user roles at connection. But I have read a lot of things about cookie security and not many about sessions, so that's why I wonder.