开发者

Which is the best way or method to prevent session fixation and highjacking in php ? [closed]

问答 作者:
As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance. 开发者_JAVA技巧 Closed 11 years ago.

I browsed various method to prevent session fixation and highjacking in php but I am finding it difficult to figure out which is the best way on which I can rely on . Like to prevent sql injection most of the developer suggest use of prepare statement .It is effective in preventing most of the sql injection attacks . Is there any such code , function or snippet availble best,quick and simple in regard to prevent attack on session . Please share it . Thank you all .

There is a few things you can do to help such as, when setting cookies set them to httponly so they are not able to be read from javascript, keep track of a users ip address and only allow access to the session if the users ip is within a certain range of the ip they started the session with, when starting a new session regenerate session id instead of reusing a previous one , keep track of the users browser and if that changes during a session do not allow access to the session. I am sure there are more but thats just off the top pf my head.

Do not allow http protocol, only https.

That's it, it prevents SESSID hijackings...

RewriteEngine On
RewriteCond %{SERVER_PORT} !443
RewriteRule (.*) https://yourdomain.com/ [R]

继续阅读:phpsecuritysession

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9