PHP Session Security - Internet Security

Because a session may contain sensitive information, you need to treat
the session as a possible security hole, and session security has to be
part of how you create and implement sessions. If someone is listening
in or snooping on a network, it's possible that he can intercept a
session ID and use it to pose as someone else. It's also possible to
access session data from the local filesystem on multiuser systems such
as ISP hosting machines.

Session hijacking is when someone obtains either a client's cookie
or session ID, and then attempts to use this data. Session fixation
is when an attacker attempts to set the session ID himself. Session
fixation and hijacking are easy to combat. We'll make use of the
superglobal variables for the client's IP address and browser type to
keep things secure.


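<?php
session_start();

// Fingerprint of the client: browser type plus IP address.
// The User-Agent header is optional, so default it to an empty string.
$user_agent = $_SERVER['HTTP_USER_AGENT'] ?? '';
$user_check = md5($user_agent . $_SERVER['REMOTE_ADDR']);

if (empty($_SESSION['user_data'])) {
    // New session: issue a fresh ID and remember the fingerprint.
    session_regenerate_id();
    echo "New session, saving user_check.";
    $_SESSION['user_data'] = $user_check;
} elseif (!hash_equals($_SESSION['user_data'], $user_check)) {
    // Fingerprint changed: pick a new ID and clear the saved data.
    session_regenerate_id();
    echo "Warning, you must reenter your session.";
    $_SESSION = array();
    $_SESSION['user_data'] = $user_check;
} else {
    echo "Connection verified!";
}
?>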

In this script, we stored the encoded combination of the IP address
and browser type in the session. That way, when the user returns to
this page, we can compare the value stored in the session with a fresh
computation from the current IP address and browser type. If the two
don't match, we potentially have a hijacker, so we pick a new ID and
clear out any saved data for that session. That way, the hijacker
cannot retrieve any of the private information stored in the session.
This doesn't cause a problem for legitimate users, because they aren't
going to change browser or IP addresses in the middle of a session with
your web site.
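The script above covers the fingerprint check; the other risks named at the top of this page (a session ID intercepted on the network, session files readable on a shared host, and a session ID set by someone else) are handled by how the session is started. The following is an added example, not code from the original post; it assumes PHP 7.3 or later, and `SESSION_DIR`, `start_hardened_session()` and `login_user()` are hypothetical names.

```php
<?php
// Added example, not from the original post. Requires PHP 7.3+ (cookie_samesite).
// SESSION_DIR is a hypothetical path: use a directory outside the web root
// that only your own account can read.
const SESSION_DIR = '/home/example/private_sessions';

function start_hardened_session(string $dir = SESSION_DIR): void
{
    // Shared hosts often keep every customer's session files in one
    // common temp directory; store them in a private directory instead.
    if (!is_dir($dir) && !mkdir($dir, 0700, true)) {
        throw new RuntimeException("Cannot create session directory: $dir");
    }
    session_save_path($dir);

    session_start([
        'use_strict_mode'  => 1,     // reject session IDs the server never issued (fixation)
        'use_only_cookies' => 1,     // never accept a session ID from the URL
        'cookie_secure'    => 1,     // send the cookie over HTTPS only (network snooping)
        'cookie_httponly'  => 1,     // keep the cookie out of reach of JavaScript
        'cookie_samesite'  => 'Lax', // do not send it on cross-site subrequests
    ]);
}

function login_user(int $userId): void
{
    // Change the ID at the moment of login so that an ID known before
    // authentication is useless afterwards; true deletes the old session data.
    session_regenerate_id(true);
    $_SESSION['user_id'] = $userId;
}

start_hardened_session();
// After the password check succeeds (not shown): login_user($id);
?>
```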



