Difference between revisions of "SoC php sessions"

From GeeklogWiki
(Template Only)
 
m (fixed mentor)
 
(One intermediate revision by one other user not shown)
Line 2: Line 2:
  
 
== Overview ==
 
== Overview ==
 +
Geeklog currently uses custom session management to maintain users session information. The custom session implementation is antique and needs to be upgraded to a fully supported session management system such as the one provided by [http://www.php.net/manual/en/book.session.php PHP Sessions]. The implementation needs to be secure and should cache user data between page loads of a session.
  
 
== Objective ==
 
== Objective ==
 +
Implement new session handling in Geeklog.
 +
 +
This project could be extended by adding the ability for Geeklog to support http and https for the same site. By forcing logged-in users to use https, session hijacking can be prevented.
  
 
== Level of Difficulty ==
 
== Level of Difficulty ==
 
''medium to high''
 
''medium to high''
  
'''Mentor:''' Vinny Furia
+
Geeklog's existing session software must be understood before being replaced. Student's taking on this project will also have to ensure plugin compatibility with the new session implementation.
 +
 
 +
''Possible mentor:'' [http://www.geeklog.net/users.php?mode=profile&uid=408 Dirk Haun]
  
 
== Further Reading ==
 
== Further Reading ==
 +
* [http://www.php.net/manual/en/book.session.php PHP Sessions]
 +
* [http://phpsec.org/projects/guide/4.html PHP Security Guide: Sessions]
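Review bot: In the added Objective paragraph, "By forcing logged-in users to use https, session hijacking can be prevented" claims more than the redirect alone gives once the same site also answers on http; suggest wording it as reducing the risk and stating that the session cookie must be limited to https as well. Two wording fixes in the added lines: "users session information" should read "users' session information", and "Student's taking on this project" should read "Students taking on this project".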

Latest revision as of 10:21, 18 April 2013

(Return to the main idea page for the Google Summer of Code)

Overview

Geeklog currently uses custom session management to maintain users' session information. The custom session implementation is antique and needs to be upgraded to a fully supported session management system such as the one provided by PHP Sessions. The implementation needs to be secure and should cache user data between page loads of a session.

Objective

Implement new session handling in Geeklog.

This project could be extended by adding the ability for Geeklog to support http and https for the same site. By forcing logged-in users to use https, session hijacking can be prevented.
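An added example (not Geeklog code) of the https idea above using PHP's built-in sessions: the redirect only helps if the session cookie is also restricted to https and the ID is replaced at login. The function names and the `SITE_HOST` placeholder are assumptions made for illustration.

```php
<?php
// Added example, not Geeklog code. Requires PHP 7.3+ (array form of
// session_set_cookie_params). All names below are hypothetical.

const SITE_HOST = 'www.example.com'; // placeholder; fixed in config, never taken from the Host header

function request_is_https(): bool
{
    // Assumes TLS terminates on this server (no reverse proxy in front).
    return !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
}

function require_https(): void
{
    if (!request_is_https()) {
        header('Location: https://' . SITE_HOST . $_SERVER['REQUEST_URI'], true, 302);
        exit;
    }
}

function start_secure_session(): void
{
    ini_set('session.use_strict_mode', '1');  // refuse IDs the server did not issue
    ini_set('session.use_only_cookies', '1'); // never read the ID from the URL
    session_set_cookie_params([
        'lifetime' => 0,       // cookie ends with the browser session
        'path'     => '/',
        'secure'   => true,    // browser sends it over https only
        'httponly' => true,    // not readable from page scripts
        'samesite' => 'Lax',
    ]);
    session_start();
}

// Call once the submitted credentials have been verified.
function on_login_success(int $uid): void
{
    session_regenerate_id(true); // fresh ID; the pre-login one stops working
    $_SESSION['uid'] = $uid;     // user data cached for later page loads
}

// Login page and every logged-in page: https first, then the session.
require_https();
start_secure_session();
```

Because the cookie carries the Secure flag, pages served over plain http never receive it and treat the visitor as anonymous.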

Level of Difficulty

medium to high

Geeklog's existing session software must be understood before being replaced. Students taking on this project will also have to ensure plugin compatibility with the new session implementation.

Possible mentor: Dirk Haun

Further Reading