Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.
Moderator: General Moderators
samb0057
Forum Commoner
Posts: 27 Joined: Wed Mar 26, 2008 9:51 am
by samb0057 » Fri Apr 18, 2008 3:02 pm
Code:
/**
 * Start session
 **/
session_start();

/**
 * Check fingerprint (raw binary SHA-512 of the client IP address)
 **/
$fingerprint = hash('sha512', $_SERVER['REMOTE_ADDR'], true);
if (isset($_SESSION['fingerprint'])) {
    // A stored fingerprint exists: the current request must match it
    if ($fingerprint !== $_SESSION['fingerprint']) {
        throw new Exception('Session hijack attempted.');
    }
}
else {
    // First request in this session: remember the fingerprint
    $_SESSION['fingerprint'] = $fingerprint;
}
Last edited by onion2k on Fri Apr 18, 2008 3:10 pm, edited 1 time in total.
Reason: Use code tags [code=php][/code] around your code please.
Oren
DevNet Resident
Posts: 1640 Joined: Fri Apr 07, 2006 5:13 am
Location: Israel
by Oren » Fri Apr 18, 2008 3:07 pm
You didn't ask anything... what's the point of this post?
onion2k
Jedi Mod
Posts: 5263 Joined: Tue Dec 21, 2004 5:03 pm
Location: usrlab.com
by onion2k » Fri Apr 18, 2008 3:09 pm
That won't stop people behind the same router hijacking each other's sessions.
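The shared-router case raised above, as an added example that is not part of the thread: the first half runs the posted IP-only fingerprint over constructed requests, and the second half shows session settings that protect the session ID without relying on the client address. Function names and addresses are illustrative assumptions; the array form of `session_set_cookie_params` assumes PHP 7.3 or later.

```php
<?php
// Added example, not code from the thread. All request data below is constructed.

/** The thread's fingerprint as a pure function: derived from the client IP only. */
function ip_fingerprint(array $server): string
{
    return hash('sha512', $server['REMOTE_ADDR'], true);
}

/** True when a request would pass the fingerprint check for a session holding $stored. */
function fingerprint_matches(string $stored, array $server): bool
{
    return hash_equals($stored, ip_fingerprint($server));
}

// Constructed clients (documentation address ranges). The first two are different
// machines behind one NAT router, so the server sees the same REMOTE_ADDR for both.
$clients = [
    'session owner'            => ['REMOTE_ADDR' => '203.0.113.7'],
    'other host, same router'  => ['REMOTE_ADDR' => '203.0.113.7'],
    'owner after network move' => ['REMOTE_ADDR' => '198.51.100.20'],
];

$stored = ip_fingerprint($clients['session owner']);
foreach ($clients as $label => $server) {
    printf("%-26s %s\n", $label, fingerprint_matches($stored, $server) ? 'accepted' : 'rejected');
}

/**
 * Controls that protect the session ID itself, for use in a web request
 * (defined here, not called from the CLI). Assumes PHP 7.3+ for the array form.
 */
function start_hardened_session(): void
{
    ini_set('session.use_strict_mode', '1');  // reject IDs the server did not issue
    ini_set('session.use_only_cookies', '1'); // never take the ID from the URL
    session_set_cookie_params([
        'httponly' => true,   // not readable from page script
        'secure'   => true,   // sent over HTTPS only
        'samesite' => 'Lax',
    ]);
    session_start();
}

/** Call at login or any privilege change so an ID issued earlier stops being valid. */
function regenerate_on_login(): void
{
    session_regenerate_id(true); // true deletes the old session data
}
```

An IP fingerprint is best treated as one signal to log and alert on, since it both misses same-network replay and rejects legitimate users whose address changes.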
by samb0057 » Fri Apr 18, 2008 3:16 pm
Oren wrote: You didn't ask anything... what's the point of this post?
Oh yeah. I don't know, I just wanted to give this to anyone who needed it. I guess I should have put it in code snippets or something.