After reading the other wiki article regarding token based access, I thought that it might be interesting to share my method.
Suppose a hacker has an account on your website. He could set the PHPSESSID to empty. After that, he logs in to your system. The PHPSESSID remains blank, and the user has already logged in with this session.
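One defensive way to handle the blank-PHPSESSID scenario above, as an added example that is not the article author's method: refuse to keep a session whose ID is empty or malformed, and issue a fresh ID at login. The function names are hypothetical, and the ID pattern assumes PHP 7.1+ with the built-in session ID generator.

```php
<?php
// Added example, not code from the original article. Function names are hypothetical.

// Shape of the IDs PHP's built-in generator can produce (assumption: PHP 7.1+,
// session.sid_length 22-256, characters drawn from [A-Za-z0-9,-]).
function isWellFormedSessionId(?string $id): bool
{
    return $id !== null && preg_match('/^[A-Za-z0-9,-]{22,256}$/', $id) === 1;
}

function startHardenedSession(): void
{
    // Strict mode makes PHP reject session IDs it did not issue itself.
    ini_set('session.use_strict_mode', '1');
    ini_set('session.use_only_cookies', '1');
    ini_set('session.cookie_httponly', '1');

    session_start();

    // If the client-supplied PHPSESSID was blank or malformed and still
    // became the active ID, replace it before any data is stored under it.
    if (!isWellFormedSessionId(session_id())) {
        session_regenerate_id(true);
    }
}

function completeLogin(int $userId): void
{
    // Always switch to a new ID at the privilege change; passing true
    // deletes the pre-login session data stored under the old ID.
    session_regenerate_id(true);

    // Never bind an authenticated user to an empty or malformed ID.
    if (!isWellFormedSessionId(session_id())) {
        throw new RuntimeException('Refusing to bind a login to an invalid session ID');
    }
    $_SESSION['user_id'] = $userId;
}

// Call order in a request handler (credential check omitted; it is app-specific):
//   startHardenedSession();
//   if ($credentialsAreValid) { completeLogin($userId); }
```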