hijacking

[jwilson122]

Hey, I was wondering if anyone could help me out with tips on protecting my site from Session / Cookie Hijacking or some login function to help secure it more! My entire site is in pure PHP / MySQL.

 

Thanks in advance!

[Adam]

When you say "pure PHP / Mysql", do you mean you're using custom database sessions, or standard PHP sessions?

[jwilson122]

When you say "pure PHP / Mysql", do you mean you're using custom database sessions, or standard PHP sessions?

 

just standard php sessions:

//example
$uid = "1";
$_SESSION['user_id'] = $uid;

[Adam]

Have a read of this:

 

http://talks.php.net/show/phpworks2004-php-session-security/0

[jwilson122]

Have a read of this:

 

http://talks.php.net/show/phpworks2004-php-session-security/0

 

hmm. Thanks! So.. if I do everything in this step guide my site will be completely secure from hackers? For the login part at least lol

[Adam]

No that's to protect you from session hijacking.. For a good thorough look into security I'd recommend reading the security tutorial on the main PHPFreaks site.

[jwilson122]

No that's to protect you from session hijacking.. For a good thorough look into security I'd recommend reading the security tutorial on the main PHPFreaks site.

 

hmm, yeah I already read that.

[Adam]

Okay. Well security is a wide subject, do you have a particular area or piece of code you'd like more help with?

[jwilson122]

Okay. Well security is a wide subject, do you have a particular area or piece of code you'd like more help with?

 

Well... yeah, I'm gonna finish my function script then post it here so everyone could tell me if Im missing anything or something.