Session hijack protection
Posted: Fri Apr 18, 2008 3:02 pm
by samb0057
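Code:
/**
 * Start session
 **/
session_start();
/**
 * Check fingerprint
 **/
// Raw (binary) SHA-512 of the client address as seen by the server
$fingerprint = hash('sha512', $_SERVER['REMOTE_ADDR'], true);
if (isset($_SESSION['fingerprint'])) {
    // Later request: the address must match the one stored at session start
    if ($fingerprint !== $_SESSION['fingerprint']) {
        throw new Exception('Session hijack attempted.');
    }
}
else {
    // First request: bind the session to this address
    $_SESSION['fingerprint'] = $fingerprint;
}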
Re: Session hijack protection
Posted: Fri Apr 18, 2008 3:07 pm
by Oren
You didn't ask anything... what's the point of this post?
Re: Session hijack protection
Posted: Fri Apr 18, 2008 3:09 pm
by onion2k
That won't stop people behind the same router hijacking each other's sessions.
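The limitation raised in the reply above, shown as an added example that is not part of the original thread: the posted check is wrapped in a hypothetical function, `fingerprint_accepts()`, and run over constructed requests that all present the same session ID. The addresses are documentation-range placeholders, and the last request goes one step beyond the thread by showing the owner's own address changing.

```php
<?php
// Added illustration, not code from the thread. The function name and the
// sample addresses (RFC 5737 documentation ranges) are constructed.

/**
 * Same check as the posted snippet, with the session store and client
 * address passed in so it can be exercised without a web server.
 * Returns true when the request is accepted for this session.
 */
function fingerprint_accepts(array &$session, string $remoteAddr): bool
{
    $fingerprint = hash('sha512', $remoteAddr, true);
    if (!isset($session['fingerprint'])) {
        $session['fingerprint'] = $fingerprint;   // first request binds the session
        return true;
    }
    return $session['fingerprint'] === $fingerprint;
}

// Constructed requests, all presenting the same session ID. REMOTE_ADDR is the
// address the server sees, so clients behind one NAT router share it.
$requests = [
    ['who' => 'owner, first request',            'addr' => '203.0.113.10'],
    ['who' => 'other client behind same router', 'addr' => '203.0.113.10'],
    ['who' => 'client on another network',       'addr' => '198.51.100.7'],
    ['who' => 'owner after an address change',   'addr' => '203.0.113.99'],
];

$session = [];   // stands in for $_SESSION
foreach ($requests as $r) {
    $ok = fingerprint_accepts($session, $r['addr']);
    printf("%-34s %-14s %s\n", $r['who'], $r['addr'], $ok ? 'accepted' : 'rejected');
}
```

The second request is accepted because it arrives from the same public address as the first, while the fourth is rejected even though it comes from the session's owner.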
Re: Session hijack protection
Posted: Fri Apr 18, 2008 3:16 pm
by samb0057
Oren wrote: You didn't ask anything... what's the point of this post?
Oh yeah. I don't know, I just wanted to give this to anyone who needed it. I guess I should have put it in code snippets or something.