Browser Extensions and PHP Session IDs

The Issue

One way applications protect against abuse (such as replay attacks) is by assigning a nonce (number used once) to a client connection. This randomly generated number is made available to the client for as long as the connection remains active and is commonly stored server-side to the session, and identified by that connection’s PHPSESSID. This PHPSESSID is associated with the client in a cookie, and shared with each future connection.Read More

Tags | addon, browser, chrome, cookie, extension, firefox, form data, formdata, httponly, params, php, phpsessid, safari, samesite, secure

Disabling Caching with .htaccess

For our friends and fellow designers who would rather not have to perpetually clear browser cache while fine-tuning CSS, Actionscript, ads or procedural images, you might want to have a look at the following apache/.htaccess directive:Read More

Tags | .htaccess, apache, browser, caching, clear, conf, disable, httpd, perpetual, persistent