\begin{result}
The session ids are generated by \PHP{} trough the \code{session\_start}
function. These are indeed sufficiently long, random and unique. There are
- no known attacks against these session ID's.
+ no known attacks against these session IDs.
\end{result}
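Review bot: The unchanged line above the fix still reads "trough the \code{session\_start} function", which should be "through" and can be corrected in this same change. That sentence also writes "session ids" in lower case while the corrected line uses "session IDs", so one spelling should be used throughout the result. Separately, "sufficiently long, random and unique" is stated without evidence; consider noting the session ID length and the source of randomness the verdict is based on.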
appropriately restrictive value for the application, and authentication
session tokens additionally set the \code{HttpOnly} and \code{secure} attributes.
\begin{result}
- There is just one cookie for tha application and it's path includes the whole
+ There is just one cookie for the application and it's path includes the whole
site. However this seems appropriate. The \code{HttpOnly} and \code{secure}
attributes are not set for this cookie.
\end{result}
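Review bot: The corrected line still contains "it's path", which should be the possessive "its path". On content, "However this seems appropriate" refers only to the cookie path, yet the next sentence reports that \code{HttpOnly} and \code{secure} are not set, which the requirement text above asks for on authentication session tokens. If this single cookie is the session token, the result should say explicitly that this part of the requirement is not met, so the finding is not read as a pass.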