Sunday, December 21, 2008

PHP > Sample Class Login with secure session

This class can be used to prevent security attacks known as session hijacking and session fixation.

When a session is initialized the class computes a fingerprint string that takes in account the browser user agent string, the user agent IP address or part of it and a secret word. If the fingerprint value changes, it is very likely that the session was hijacked and it should no longer be accepted.

To prevent session fixation attacks the calls the PHP session_regenerate_id() function so the session identifier changes everytime the session is checked.

Download : secureSession.zip [ mirror ]

Reference : www.phpclasses.org

Seja o primeiro a comentar

Post a Comment

Latest Comments

About Me

My photo
Makassar, Sulawesi Selatan, Indonesia

Guest Book


ShoutMix chat widget

Script Sense ©Template Blogger Green by Dicas Blogger.

TOPO