We've just discovered that Perch has a security risk. The Perch admin section is currently vulnerable to session fixation / session hijacking. Even after 30 minutes the session ID has still not expired. This can be fixed by adding the PHP function session_regenerate_id (http://php.net/manual/en/function.session-regenerate-id.php) every 5 minutes or even every request or x amount of requests.
I presume more advanced programmers will also counter this by adding session regeneration. But for more inexperienced programmers or even non-programmers this might be a risk.
Best regards, Bart
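The mitigation suggested in the post above, sketched as an added example; it is not Perch's code and not code from the original poster. The function names, constants and session keys are hypothetical, and it assumes PHP 7.3 or later and an admin area served over HTTPS.

```php
<?php
// Added example. All names below are hypothetical, not part of Perch.
const REGENERATE_AFTER = 300;   // rotate the session ID every 5 minutes
const IDLE_TIMEOUT     = 1800;  // expire sessions idle for 30 minutes

function start_hardened_session(): void
{
    // Reject session IDs the server did not issue and keep IDs out of URLs.
    ini_set('session.use_strict_mode', '1');
    ini_set('session.use_only_cookies', '1');
    session_set_cookie_params([
        'httponly' => true,
        'secure'   => true,     // assumption: HTTPS only
        'samesite' => 'Lax',
    ]);
    session_start();

    $now = time();

    // Idle expiry: discard the server-side data and begin a clean session.
    if (isset($_SESSION['last_seen']) && $now - $_SESSION['last_seen'] > IDLE_TIMEOUT) {
        $_SESSION = [];
        session_destroy();
        session_start();
        session_regenerate_id(true);
    }
    $_SESSION['last_seen'] = $now;

    // Periodic rotation limits how long any single session ID stays valid.
    if (!isset($_SESSION['id_issued'])) {
        $_SESSION['id_issued'] = $now;
    } elseif ($now - $_SESSION['id_issued'] > REGENERATE_AFTER) {
        session_regenerate_id(true);  // true deletes the old session data
        $_SESSION['id_issued'] = $now;
    }
}

function on_login_success(int $userId): void
{
    // Fixation defence: never carry a pre-login ID across authentication.
    session_regenerate_id(true);
    $_SESSION['user_id']   = $userId;
    $_SESSION['id_issued'] = time();
    $_SESSION['last_seen'] = time();
}
```

Calling `start_hardened_session()` at the top of every admin request and `on_login_success()` right after credentials are verified covers both the fixation case and the never-expiring ID described in the post.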