I’ve been looking around and am sort of surprised that no one has created a comprehensive PHP secure cookie/session library. Am I missing something?
- DB sessions
- Optional Client-Side Login Hashing
- Request-based Session Regeneration
- Page Tokens (even better w/ Session ID masking)
- Optional IP Locking
- User/Session checking/limiting
- Cookie Envelopes
- Forging/Brute Force detection, actions (tarpitting, lock-outs/bans)
- Cookie shredding