Faks
Posted October 14, 2010

Here is my custom session protection. I'm not sure whether it is effective, but I do hope so.

```php
session_start();

// Session encoding
$session_data = session_encode();

// Session ID change
$old_session_id = session_id();
session_regenerate_id();
$new_session_id = session_id();

$token = uniqid(sha1(rand(), true));
$_SESSION['token'] = $token;

$fingerprint = 'SHIFLETT' . $_SERVER['HTTP_USER_AGENT'];
isset($_SESSION['fingerprint']) == (sha1($fingerprint . session_id()));
```

And also, for the login form, I added:

```html
<form>
<input type='hidden' name='token' value='{$token}'/>
</form>
```

I wonder why I do encounter them, and a lot of them ^^ Maybe I am misunderstanding.

Access Me String Test Results

http://faksx.sytes.net/blogs/ :: Cookie Attack

Details:
* Input Parameter: PHPSESSID
  The attacked page is dangerously similar to the original page. It is 99.115% similar.
  Got access to a resource that should be protected. Server response code: 200 OK.
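An added example, not part of the original post: in the posted snippet the result of the fingerprint comparison is discarded and the submitted token is never compared with the stored one, so neither check can reject a request. The sketch below enforces both and refuses protected pages to sessions without a logged-in user; the helper names and the `user_id` session key are hypothetical, and PHP 7.3 or later is assumed.

```php
<?php
// Added example. Function names and the 'user_id' key are hypothetical.

function fingerprint(): string
{
    // The User-Agent is client-supplied, so this only raises the bar.
    // The hash stays server-side in the session and is never sent out.
    return hash('sha256', $_SERVER['HTTP_USER_AGENT'] ?? '');
}

function start_secure_session(): void
{
    session_start([
        'use_strict_mode' => 1,      // reject session IDs the server did not issue
        'cookie_httponly' => 1,      // keep the cookie away from page scripts
        'cookie_samesite' => 'Lax',
    ]);
    // A stored fingerprint that no longer matches invalidates the session.
    if (isset($_SESSION['fingerprint'])
        && !hash_equals($_SESSION['fingerprint'], fingerprint())) {
        $_SESSION = [];
        session_regenerate_id(true);
    }
    $_SESSION['fingerprint'] = fingerprint();
    // One anti-CSRF token per session, taken from a CSPRNG.
    if (empty($_SESSION['token'])) {
        $_SESSION['token'] = bin2hex(random_bytes(32));
    }
}

function csrf_token_ok(): bool
{
    // Compare the hidden form field with the stored token in constant time.
    $sent = $_POST['token'] ?? '';
    return is_string($sent) && hash_equals($_SESSION['token'], $sent);
}

function on_login_success(int $userId): void
{
    session_regenerate_id(true);     // new ID at the privilege change
    $_SESSION['user_id'] = $userId;
}

function require_login(): void
{
    // Protected pages refuse any session that carries no authenticated user.
    if (empty($_SESSION['user_id'])) {
        http_response_code(403);
        exit('Login required');
    }
}
```

Call `start_secure_session()` at the top of every page, `csrf_token_ok()` before processing the login POST, and `require_login()` on pages that must not be served to anonymous sessions.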
Archived
This topic is now archived and is closed to further replies.