nitation
Posted January 8, 2009

Hi folks,

I want to verify if I am on the right track. I am trying to prevent cross-server session stealing on my web page. This is what I came up with so far. Do you think I am on the right track?

```php
<?php
// session_name($name) sets the name and returns the previous one,
// so set it once, before the session is started.
session_name(md5($_SERVER['SERVER_NAME']));
session_start();

// Value tying the session to this server name and Host header.
$hash = md5($_SERVER['SERVER_NAME'] . ':' . $_SERVER['HTTP_HOST']);

// Strict comparison: with != two digests of the form 0e<digits> compare equal.
if (!isset($_SESSION['hash']) || $_SESSION['hash'] !== $hash) {
    // Missing or different hash: drop the session data and cookie, then start over.
    $_SESSION = array();
    if (isset($_COOKIE[session_name()])) {
        setcookie(session_name(), '', time() - 42000, '/');
    }
    session_destroy();
    session_start();
    $_SESSION['hash'] = $hash;
}
?>
```

btherl
Posted January 8, 2009

What kind of attack are you trying to prevent?

nitation (author)
Posted January 8, 2009

Never mind. I got it resolved.

This topic is now archived and is closed to further replies.