vijdev Posted August 10, 2010 Share Posted August 10, 2010 when PHPSESSID is stored in a cookie(or URL), and if some hacker gets hold of this wrongfully, can he create a pseudo-authentication, now that he has a sessionid? and then proceed with what a genuine login can do?... how to solve this? Quote Link to comment Share on other sites More sharing options...
Mchl Posted August 10, 2010 Share Posted August 10, 2010 Regenerate session id on each request Quote Link to comment Share on other sites More sharing options...
vijdev Posted August 10, 2010 Author Share Posted August 10, 2010 how to regenerate? how to detect am regenerating for a valid requets? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.