I am a novice when it comes to web application security. I have almost completed a web application and before going public I would like to make sure it is rock solid on security.
I was planning on just using CakePHP's default PHP sessions for authentication along with HTTPS SSL configured.
My question is: is this sufficient for modern web applications? Should I be looking to use token-based authentication instead, or are tokens something I should move to as the site grows in popularity?
Thanks all. I’m feeling a bit out of my depth on how to secure my web application.