panique / huge

Simple user-authentication solution, embedded into a small framework.

Allows changing the default name of the cookie #878

Closed. cristopher closed this 3 years ago.

cristopher commented 5 years ago

Allows changing the default name (PHPSESSID) of the cookie.

This allows personalization of the cookie and improves security, since it makes it difficult for an attacker to infer what language we use on the server.

sr-verde commented 5 years ago

I'm fine with this PR, but this does not improve the security of the app. Security by obscurity is no good design. In addition to that, most servers send "X-Powered-By" in the HTTP response.

cristopher commented 5 years ago

The main reason is security; the second reason is that when you use shared cookies across sub-domains (*.domain.com), if you run two instances of huge (app1.domain.com, app2.domain.com) and the two cookies have the same name, it generates an error. Use nginx and hide the X-Powered-By header.

It has happened to me several times.
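The collision described in the comment above happens when two instances share a parent cookie domain and both issue a cookie named PHPSESSID: each app overwrites the other's session cookie. The following is an added example, not code from the huge project or from either commenter, showing how a per-instance session name is set in plain PHP before `session_start()`, together with the cookie attributes a practitioner would set at the same time. The function name `configureSession`, the session name `APP1SESSION` and the cookie domain `.domain.com` are assumptions for illustration.

```php
<?php
// Added example (not huge's own code): give each app instance its own
// session cookie name so two instances under *.domain.com do not overwrite
// each other's cookie. configureSession, APP1SESSION and .domain.com are
// placeholder names chosen for this illustration.

declare(strict_types=1);

function configureSession(string $sessionName, string $cookieDomain): void
{
    // PHP accepts only alphanumeric session names with at least one letter;
    // reject anything else early rather than letting session_name() fail.
    if (!preg_match('/^[A-Za-z][A-Za-z0-9]*$/', $sessionName)) {
        throw new InvalidArgumentException("Invalid session name: $sessionName");
    }

    // Must be called before session_start(); replaces the default PHPSESSID.
    session_name($sessionName);

    // Scope and harden the cookie while we are at it: HttpOnly keeps it
    // away from page scripts, Secure restricts it to HTTPS, SameSite=Lax
    // limits it being sent on cross-site requests. Array form needs PHP 7.3+.
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'domain'   => $cookieDomain,
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Lax',
    ]);

    session_start();
}

// app1.domain.com and app2.domain.com each call this with a different name,
// e.g. APP1SESSION here and APP2SESSION on the other instance.
configureSession('APP1SESSION', '.domain.com');
```

Renaming the cookie resolves the sub-domain collision; it does not hide the server technology on its own, because the X-Powered-By header is controlled separately (the `expose_php` directive in php.ini, or header rewriting in the web server as the comment suggests).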