Home » » keep your session secure php

keep your session secure php

02:40
  1. Use SSL when authenticating users or performing sensitive operations.
  2. Regenerate the session id whenever the security level changes (such as logging in). You can even regenerate the session id every request if you wish.
  3. Have sessions time out
  4. Don't use register globals
  5. Store authentication details on the server. That is, don't send details such as username in the cookie.
  6. Check the $_SERVER['HTTP_USER_AGENT']. This adds a small barrier to session hijacking. You can also check the IP address. But this causes problems for users that have changing IP address due to load balancing on multiple internet connections etc (which is the case in our environment here).
  7. Lock down access to the sessions on the file system or use custom session handling
  8. For sensitive operations consider requiring logged in users to provide their authenication details again.
Categories: 
Related Posts:
  • PHP-Mathematical Functions ABS(expr)    This function returns the absolute (positive) value of expr. SIGN(expr)    This function returns -1, 0, or 1 depending on whether expr is negative, zero, or positive, re… Read More
  • Setting a session's time-PHP After a certain time period, it's reasonable to expect that a user's session should automatically log out, which is essentially an expiration period. PHP allows you to specifically set this duration. The best way to d… Read More
  • PHP function using PDO for databse function db_connect() { $dsn = "mysql:host=localhost;dbname=test;charset=utf8"; $opt = array( PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_A… Read More
  • PHP-Super global variables Global variables should be used sparingly, since it's easy to accidentally modify a variable by mistake. This kind of error can be very difficult to locate. Additionally, when we discuss functions in detail, you'll lea… Read More
  • Database Backups using mysqldump The MySQL server, and mysql, the MySQL client, a MySQL installation comes with many useful utility programs. We have seen mysqladmin, which is responsible for the control and retrieval of information about an operati… Read More
  • php tutorial-for beginners PHP Functions | PHP Interview Questions,PHP tutorial,seo-tips,seo tutorial,N... PHP Sessions | PHP Interview Questions,PHP tutorial,seo-tips,seo tutorial,Ne... Cookies Ver… Read More
  • PHP registration form-code-demo PHP registration form-code-demo <?php//error_reporting(0); session_start(); include "include/connection.php"; include "include/functions.php"; $fname=''; $lname=''; $dob=''; … Read More
  • Advantages of Using PHP with MySQL Advantages of Using PHP with MySQL   There are several factors that make using PHP and MySQL together a natural choice: PHP and MySQL work well together PHP and MySQL have been developed with each other in … Read More
  • PHP file functions fopen    Opens a file for reading and/or writing. This file can be stored on the server's hard disk, or PHP can load it from a URL just like a Web browser would. fclose    Tells PHP y… Read More
  • How register the variables into a session? session_register ($session_var) function. (adsbygoogle = window.adsbygoogle || []).push({}); … Read More
  • Managing the Database Creating Users To create users above and beyond the default privileged root user, issue the grant command. The grant command uses this syntax: GRANT PRIVILEGES ON DATABASE.OBJECTS TO'USER'@'HOST' IDENTIFIED BY 'PASSWORD… Read More
  • Create the months table With MySQL Create the months table as follows: CREATE TABLE months ( month_id INT NOT NULL AUTO_INCREMENT, month VARCHAR (20), days INT, PRIMARY KEY (month_id));      To add the months to the new table, s… Read More
  • Methods and Constructors-PHP Methods are the functions defined within the class. They work within the environment of the class, including its variables. For classes, there is a special method called a constructor that's called when a new instance … Read More
  • Showing the Browser and IP Address php Here is a demo page that prints out the browser string and the IP address of the HTTP request. Create a file with the following content in your web directory, name it something like demo.php, and load it in your browser. … Read More
  • Requiring Cookies If the browser doesn’t accept cookies, a session cannot be established because the PHP directive sessions_use_only_cookies has been set to 1 and the alternative (passing the PHPSESSID in the query string of the URL) has been… Read More