ejaboneta Posted September 24, 2009 Share Posted September 24, 2009 I was reading on php security issues and i came across session hijacking. I was thinking about having the ip address stored in the session and matched before loading the page. Would that make sense? Is there a better way to protect against session id hijacking? Link to comment https://forums.phpfreaks.com/topic/175432-session-security-by-ip/ Share on other sites More sharing options...
MadTechie Posted September 25, 2009 Share Posted September 25, 2009 Read here session_regenerate_id 7.3. Preventing session fixation Now that we have talked a bit about how the session ID can be stolen then let us talk a bit about how we can minimize the risk session fixation. Link to comment https://forums.phpfreaks.com/topic/175432-session-security-by-ip/#findComment-924506 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.