Hi Pieter,

On Thu, Apr 13, 2017 at 5:38 PM, Yasuo Ohgaki <yohg...@ohgaki.net> wrote:

>
> On Thu, Apr 13, 2017 at 5:11 PM, Pieter Hordijk <i...@pieterhordijk.com>
> wrote:
>
>> To be honest I am afraid of ending up with something like the current state
>> of the session docs. Which are imo way too broad / opinionated, non English,
>> contains utterly confusing examples and / or flat out wrong and broken
>> examples.
>> Above already resulted in a stream of docs bugs regarding session pages
>> and a lot of confused readers.
>>
>
> You may consider my opinion as my personal opinion. I don't know of other
> than me who had that opinion then.
>
> After our session discussion, it seems OWASP adopted most of discussed
> elements in their doc ;)
>

I'm not exactly sure which part you consider a personal blog.

Current session management is too loose and insecure in many ways.
Since mandatory features for precise session management are not implemented,
the doc is intermediate.

I'm willing to improve the doc and always appreciate improvement suggestions.
Feel free to send them to my personal mail address.

Required information for precise and secure session management should be
in the Precise Session Management RFC:
https://wiki.php.net/rfc/precise_session_management

I would appreciate it if someone could add the missing documentation for
precise session management.

Regards,

--
Yasuo Ohgaki
yohg...@ohgaki.net
