nitation
Posted January 8, 2009

Hi folks, I want to verify if I am on the right track. I am trying to prevent cross-server session stealing on my web page. This is what I came up with so far. Do you think I am on the right track?

<?php
// Reset the session when the stored hash is missing or does not match this server/host pair.
if (!isset($_SESSION['hash']) || ($_SESSION['hash'] != md5($_SERVER['SERVER_NAME'].':'.$_SERVER['HTTP_HOST']))) {
    $_SESSION = array();
    // Expire the session cookie if one was sent.
    if (isset($_COOKIE[session_name(md5($_SERVER['SERVER_NAME']))])) {
        setcookie(session_name(md5($_SERVER['SERVER_NAME'])), '', time()-42000, '/');
    }
    session_destroy();
    // Start a fresh session and store the hash for this server/host pair.
    session_start();
    $_SESSION['hash'] = md5($_SERVER['SERVER_NAME'].':'.$_SERVER['HTTP_HOST']);
}
?>

btherl
Posted January 8, 2009

What kind of attack are you trying to prevent?

nitation (Author)
Posted January 8, 2009

Never mind. I got it resolved.