psr7-sessions/storageless

Add security mistakes examples

Opened this issue · 1 comments

We need a couple of examples of things to avoid:

  • using an unsafe key
  • storing server-sensitive information in the session
  • storing objects in the session
  • using an unsafe key

This point has been addressed in the upstream library:

  1. lcobucci/jwt#835
  2. lcobucci/jwt#836
  3. lcobucci/jwt#855
  4. lcobucci/jwt#939
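
The three mistakes listed in the issue, shown side by side in plain PHP. This is an added example, not code from psr7-sessions/storageless or lcobucci/jwt. It assumes the session travels as an HS256-signed JWT in a cookie, and all helper names are hypothetical.

```php
<?php
declare(strict_types=1);

// Added illustration: helper names are hypothetical, not the storageless or lcobucci/jwt API.
function b64url(string $raw): string
{
    return rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');
}

// Mistake 1: an unsafe key. Require at least 256 bits for HS256.
function assertSafeKey(string $key): void
{
    if (strlen($key) < 32) {
        throw new InvalidArgumentException('HS256 key must be at least 32 bytes');
    }
}

// Mistake 3: objects in the session. Accept only scalars, null and nested arrays.
function assertPlainData(mixed $value): void
{
    foreach (is_array($value) ? $value : [] as $item) {
        assertPlainData($item);
    }
    if (! is_array($value) && ! is_scalar($value) && $value !== null) {
        throw new InvalidArgumentException('Only plain data belongs in the session');
    }
}

function signSession(array $data, string $key): string
{
    assertSafeKey($key);
    assertPlainData($data);
    $head = b64url(json_encode(['alg' => 'HS256', 'typ' => 'JWT'], JSON_THROW_ON_ERROR));
    $body = b64url(json_encode($data, JSON_THROW_ON_ERROR));
    return "$head.$body." . b64url(hash_hmac('sha256', "$head.$body", $key, true));
}

// Mistake 2: the claims are signed, not encrypted; the cookie holder reads them without the key.
function readWithoutKey(string $token): array
{
    return json_decode(base64_decode(strtr(explode('.', $token)[1], '-_', '+/')), true, 512, JSON_THROW_ON_ERROR);
}

$key = random_bytes(32); // constructed for the demo; load a generated key from a secret store
$token = signSession(['user_id' => 42, 'db_password' => 'constructed-example'], $key);
var_dump(readWithoutKey($token)['db_password']); // the server-side secret is visible to the client
foreach ([['secret', ['user_id' => 42]], [$key, ['user' => new stdClass()]]] as [$k, $data]) {
    try { signSession($data, $k); } catch (InvalidArgumentException $e) { echo $e->getMessage(), PHP_EOL; }
}
```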