astions, I'm not sure what key you are talking about; maybe something like a token, a fingerprint? Is that what you meant?
Anyway, I believe that +1 query is not that bad when it adds some more security to the application.
Jenk wrote:
Code:
    Login();
    // bind the session to the client's IP address
    $_SESSION['id'] = md5(session_id() . $_SERVER['REMOTE_ADDR']);

    // ... at this point the session is assumed to have been hijacked ...

    // on every later request: does the stored value still match this client?
    if ($_SESSION['id'] !== md5(session_id() . $_SERVER['REMOTE_ADDR'])) {
        session_destroy();
        Logout();
        die('be gone hijacker');
    }
astions made a very good point about why it should be avoided, and I would like to add that relying on most of the $_SERVER variables is not a good idea, since they may change and they are also easy to fake.
This code would be a good idea though:
Code:
    $fingerprint = md5($_SERVER['HTTP_USER_AGENT'] . $some_keyword);
The point behind this: as I said before, the $_SERVER variables can be easily faked, and $_SERVER['HTTP_USER_AGENT'] is no exception, but it still adds some security, since it's not very likely that good_guy would switch browsers all of a sudden. If good_guy does switch browsers after all, then we simply ask him to log in again. If $_SERVER['HTTP_USER_AGENT'] has changed because it's bad_guy who is trying to gain access, he simply wouldn't know the password.
Read http://phpsec.org/projects/guide/4.html#4.2 to understand this better and if you want to know what $some_keyword is for.
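The user-agent fingerprint described above, written out as a complete check, as an added example that is not code from the original post or from the phpsec guide it links to. It assumes a server-side secret (FINGERPRINT_SECRET, playing the role of $some_keyword) that is loaded from configuration outside the web root, and a login page at /login.php; the function names are my own. It uses hash_hmac() with that secret instead of md5() over a concatenated string, and hash_equals() for the comparison, which are my choices rather than the post's.

```php
<?php
// Added example, not from the original post: bind a PHP session to the
// client's User-Agent with a keyed hash and verify it on every request.

// Assumption: in real code this comes from a config file outside the web root,
// never from the request. It is the "$some_keyword" of the original post: without
// it, anyone who knows the User-Agent string could compute a valid fingerprint.
const FINGERPRINT_SECRET = 'replace-with-a-long-random-server-secret';

function sessionFingerprint(string $secret): string
{
    // Keyed hash of the User-Agent. A missing header hashes to a stable value
    // rather than throwing a notice.
    $ua = $_SERVER['HTTP_USER_AGENT'] ?? '';
    return hash_hmac('sha256', $ua, $secret);
}

function bindSessionOnLogin(string $secret): void
{
    // Issue a fresh session id after authentication so a pre-login id that an
    // attacker may already hold is not upgraded to an authenticated one.
    session_regenerate_id(true);
    $_SESSION['fingerprint'] = sessionFingerprint($secret);
}

function sessionFingerprintValid(string $secret): bool
{
    if (!isset($_SESSION['fingerprint'])) {
        return false;
    }
    // Constant-time comparison so the check does not leak how many bytes matched.
    return hash_equals($_SESSION['fingerprint'], sessionFingerprint($secret));
}

function requireValidSession(string $secret): void
{
    if (sessionFingerprintValid($secret)) {
        return;
    }
    // Mismatch: either good_guy switched browsers or the session cookie is being
    // replayed from elsewhere. Either way, discard the session and ask for a
    // fresh login; the legitimate user knows the password, the other party does not.
    $_SESSION = [];
    session_destroy();
    header('Location: /login.php'); // assumption: the application's login page
    exit;
}

session_start();
// After a successful password check:   bindSessionOnLogin(FINGERPRINT_SECRET);
// At the top of every authenticated page: requireValidSession(FINGERPRINT_SECRET);
```

The secret is what turns the fingerprint from "something the attacker can also compute" into "something only this server can compute"; rotating it simply forces everyone to log in again.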