Re: Is PHP session safe? — PHP Programming Language

You are here: Re: Is PHP session safe? « PHP Programming Language « IT news, forums, messages

Posted by Roman on 06/12/07 03:09

iktorn wrote:
> howa napisał(a):
>> 1. For example, without SSL, If I capture my local LAN packet and
>> scanned the SESSION ID, is it possible to hijack the session?
>>
>
> unfortunately yes
>
>> 2. So any recommendation for web apps session handling without SSL?
>>
>
> - use very short session life time
> - force user to login again before doing something important
>

How about caching the initiating IP during session creation? Unless
potential hijacker is behind same NAT box, he will have have different
IP and should not be able to hijack.

Roman

Navigation:

Next in forum: Re: Is PHP session safe?
Prev in forum: Re: OOT:Free download PHP n My Sql ebook..
Thread view: Re: Is PHP session safe?

[Reply to this message]

Удаленная работа для программистов • Как заработать на Google AdSense • England, UK • статьи на английском • PHP MySQL CMS Apache Oscommerce • Online Business Knowledge Base • DVD MP3 AVI MP4 players codecs conversion help

Home • Search • Site Map • Set as Homepage • Add to Favourites

Сайт изготовлен в Студии Валентина Петручека —
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация