ejaboneta Posted September 24, 2009 Share Posted September 24, 2009 I was reading on php security issues and i came across session hijacking. I was thinking about having the ip address stored in the session and matched before loading the page. Would that make sense? Is there a better way to protect against session id hijacking? Quote Link to comment https://forums.phpfreaks.com/topic/175432-session-security-by-ip/ Share on other sites More sharing options...
MadTechie Posted September 25, 2009 Share Posted September 25, 2009 Read here session_regenerate_id 7.3. Preventing session fixation Now that we have talked a bit about how the session ID can be stolen then let us talk a bit about how we can minimize the risk session fixation. Quote Link to comment https://forums.phpfreaks.com/topic/175432-session-security-by-ip/#findComment-924506 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.