
$_SERVER information.


Guest daleosmond
Hey,
I am developing a user system class for my site. I have noticed that a session can be hijacked
if someone was to get the PHP session id, so therefore I need to take something from a user's computer
and store it in the session and finally compare it when it checks to see if a user is signed in.
I cannot use $_SERVER['REMOTE_ADDR']; this is because an AOL user's IP changes quite often while surfing.
So does anyone know what I could take?

Thanks in advance,
dale :)

You could give them another variable, and store it in their cookies.

On my site, when someone logs in they are given a random hash which is stored in their cookies and my MySQL database, and every time they go to a new page it asks for their current hash and compares the one from their cookie to the database; if it is different it boots them.

This means that if someone were to steal the cookies and hijack the session, the user would just have to log back in and the cookie id would have changed and the hacker will be booted. Also you need to require the old password when changing it to a new one so that if a session is hijacked, they can't change the password.
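The per-login token check described in the reply above, as an added example that is not code from either poster. The function names, the `login_tokens` table and the `login_token` cookie name are hypothetical, in-memory SQLite stands in for the MySQL table, and storing only a SHA-256 hash of the token is a choice made here, not something the reply specifies.

```php
<?php
declare(strict_types=1);

// In-memory SQLite stands in for the MySQL table from the post (assumption).
function openStore(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE login_tokens (user_id INTEGER PRIMARY KEY, token_hash TEXT NOT NULL)');
    return $db;
}

// Called on every successful login: replaces any previous token for the user.
function issueLoginToken(PDO $db, int $userId): string {
    $token = bin2hex(random_bytes(32));                 // 256 bits from the CSPRNG
    $stmt = $db->prepare('REPLACE INTO login_tokens (user_id, token_hash) VALUES (?, ?)');
    $stmt->execute([$userId, hash('sha256', $token)]);  // database never holds the raw token
    // In a web request the raw token goes to the browser, for example:
    // setcookie('login_token', $token,
    //     ['httponly' => true, 'secure' => true, 'samesite' => 'Lax', 'path' => '/']);
    return $token;
}

// Called on every page load with the value read from $_COOKIE.
function checkLoginToken(PDO $db, int $userId, string $cookieToken): bool {
    $stmt = $db->prepare('SELECT token_hash FROM login_tokens WHERE user_id = ?');
    $stmt->execute([$userId]);
    $stored = $stmt->fetchColumn();
    if ($stored === false) {
        return false;                                   // no active login for this user
    }
    // hash_equals compares in constant time, so the check leaks no timing hints.
    return hash_equals($stored, hash('sha256', $cookieToken));
}

// Constructed walk-through: user 7 logs in, the cookie value is copied,
// then the user logs in again and the token rotates.
$db = openStore();
$first  = issueLoginToken($db, 7);
$copied = $first;                                       // value a hijacker would hold
var_dump(checkLoginToken($db, 7, $copied));             // checked before the re-login
$second = issueLoginToken($db, 7);                      // user logs back in
var_dump(checkLoginToken($db, 7, $copied));             // old copy, after the re-login
var_dump(checkLoginToken($db, 7, $second));             // fresh cookie value
```

A copied token stays valid until the account logs in again, so this limits how long a stolen cookie is useful rather than detecting the theft itself.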
