You are here: Re: Secure Session - Tips « All PHP « IT news, forums, messages
Re: Secure Session - Tips

Posted by Øystein Hafli on 01/04/06 03:40

Marcos José Setim wrote:
> Hi,
>
> I've like to know if exists tips for developing the login using Session
> and Cookie to secure against invasion.
>

You can use a fingerprint function:

--
function fingerprint($username) {
$fingerprint = $username . $_SERVER['HTTP_USER_AGENT'];
$fingerprint = $fingerprint . "saltword";
$fingerprint = md5($fingerprint . session_id());
return $fingerprint;
}
--

When the user logs in:
$_SESSION['fingperprint'] = fingerprint($_SESSION['username']);

then, on the secured pages, do this:
if($_SESSION['fingerprint'] != fingerprint($_SESSION['username']) {
echo "Fingerprint mismatch";
session_desotry();
exit();
}


I got this from an article/a post at http://shiflett.org/, but I can't
find it. It's not bulletproof, but it's an extra measure :)

 

Navigation:

[Reply to this message]


Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация