Which is the best way or method to prevent session fixation and highjacking in php ? [closed]

As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance. 开发者_JAVA技巧 Closed 11 years ago.

I browsed various method to prevent session fixation and highjacking in php but I am finding it difficult to figure out which is the best way on which I can rely on . Like to prevent sql injection most of the developer suggest use of prepare statement .It is effective in preventing most of the sql injection attacks . Is there any such code , function or snippet availble best,quick and simple in regard to prevent attack on session . Please share it . Thank you all .

---

There is a few things you can do to help such as, when setting cookies set them to httponly so they are not able to be read from javascript, keep track of a users ip address and only allow access to the session if the users ip is within a certain range of the ip they started the session with, when starting a new session regenerate session id instead of reusing a previous one , keep track of the users browser and if that changes during a session do not allow access to the session. I am sure there are more but thats just off the top pf my head.

---

Do not allow http protocol, only https.

That's it, it prevents SESSID hijackings...

RewriteEngine On
RewriteCond %{SERVER_PORT} !443
RewriteRule (.*) https://yourdomain.com/ [R]