Sign In!
|
New User?Signup Now!
|
Forgot password?
Source Code 4 you
Home
Create Forum Topic
Check WebSite Rank
Publish Articles
UV Web Booster
Contact
Forum Type
Search Engine
.Net C# VB F# VC++
MonoPoject
Java J2EE
Zand Php Cake Php
Oracle Database Server
Mysql Database Server
DB2 Database Server
MSSql Databse Server
Javascript Ajax
Html Xml Xhtml
C Programming
C++ Programming
D Programming
CGI Programming
Perl Programming
Cobol Programming
Pascal Programming
Ruby Programming
Drupal Programming
Automobile
Software Testing
Linux Unix Mac Sun OS
Embedded Systems
Mainframe
IC Microcircuit Chip
Electronics Electrical
Hardware Netwarking
SAP ERP
Logical Reasoning
Human Resources
Science
Agriculture
Accounting
History
Pharmaceutical
Other Topic
Zand Php Cake Php
Posted by :
Dave
Session / Security
Not quite
sure how this works but how does one steal a session?
I have my
session info stored in the database... if i added ip to the session so it
also checks that the session ip matches the user ip would that increase the
session sucurity? What a safe guards / good practsise to secure session
data?
Thanks
Dave
Posted by :
Bert Van den Brande
Re : Session / Security
I'm no expert on the subject, but I think session can be hijacked by :
*
'stealing' a sessions id from the url. This is only possible if the
user browser doesn't use cookies so the session id is visible in the url
* stealing a session cookie
In either cases, logging the user's ip would increase security imho.
Posted by :
Dave
Re : Session / Security
Right on.
In my app nothing is passed in the url all my
non-private areas are like /manage/profile or /manage/account as everything
related to the user is obtained by auth ID of the logged in user and getting the
info based on that.
So i was just wondering if someone did get the session,
how would they do it and ways to prevent it.
Thanks
Dave
If you have the better reply, then send it to us. We will display your reply after the approval.
Name :
Email Id :
Reply :