Browser Extensions and PHP Session IDs

The Issue

One way applications protect against abuse (such as replay attacks) is by assigning a nonce (number used once) to a client connection. This randomly generated number is made available to the client for as long as the connection remains active and is commonly stored server-side to the session, and identified by that connection’s PHPSESSID. This PHPSESSID is associated with the client in a cookie, and shared with each future connection.Read More

Tags | addon, browser, chrome, cookie, extension, firefox, form data, formdata, httponly, params, php, phpsessid, safari, samesite, secure