vijdev Posted August 10, 2010 Share Posted August 10, 2010 when PHPSESSID is stored in a cookie(or URL), and if some hacker gets hold of this wrongfully, can he create a pseudo-authentication, now that he has a sessionid? and then proceed with what a genuine login can do?... how to solve this? Link to comment https://forums.phpfreaks.com/topic/210374-phpsessid-security/ Share on other sites More sharing options...
Mchl Posted August 10, 2010 Share Posted August 10, 2010 Regenerate session id on each request Link to comment https://forums.phpfreaks.com/topic/210374-phpsessid-security/#findComment-1097783 Share on other sites More sharing options...
vijdev Posted August 10, 2010 Author Share Posted August 10, 2010 how to regenerate? how to detect am regenerating for a valid requets? Link to comment https://forums.phpfreaks.com/topic/210374-phpsessid-security/#findComment-1097790 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.