CodeIgniter Forums
How to fix Session Hijacking issue in ci3 - Printable Version




How to fix Session Hijacking issue in ci3 - vikasranjan - 07-26-2023

Hi

If I copy the PHPSESSID value and paste it in a different browser, I am able to log in without a username and password. Please check my configuration as well and let me know how I can fix it.

$config['sess_driver'] = 'database';
$config['sess_save_path'] = 'ci_sessions';
$config['sess_use_database']    = TRUE;

$config['sess_cookie_name'] = 'ci_sessions';
$config['sess_expiration'] = 2700;
$config['sess_match_ip'] = TRUE;
$config['sess_time_to_update'] = 1;
$config['sess_regenerate_destroy'] = TRUE;
$config['sess_expire_on_close'] = TRUE;
$config['sess_encrypt_cookie'] = TRUE;
$config['sess_match_useragent'] = TRUE;

And sess_match_useragent is not getting stored in DB.
Ref https://codeigniter.com/userguide3/libraries/sessions.html#database-driver
I have used this
CREATE TABLE IF NOT EXISTS `ci_sessions` (
        `id` varchar(128) NOT NULL,
        `ip_address` varchar(45) NOT NULL,
        `timestamp` int(10) unsigned DEFAULT 0 NOT NULL,
        `data` blob NOT NULL,
        KEY `ci_sessions_timestamp` (`timestamp`)
);


RE: How to fix Session Hijacking issue in ci3 - kenjis - 07-28-2023

There is no such config: sess_match_useragent

What is the exact issue?
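
CodeIgniter 3 has no sess_match_useragent option, as the reply notes, and sess_match_ip compares only the IP address, so it cannot tell two browsers on the same address apart. An added example (not from the thread or from CodeIgniter itself) of doing the user-agent comparison in a base controller; the file placement, the ua_fingerprint session key and the login route are assumptions.

```php
<?php
// application/core/MY_Controller.php (added example, not CodeIgniter's own code).
// Assumes the session library is autoloaded and config.php uses only CI3 keys:
//   $config['sess_match_ip']           = TRUE;
//   $config['sess_regenerate_destroy'] = TRUE;
//   $config['cookie_secure']           = TRUE;  // cookie sent over HTTPS only
//   $config['cookie_httponly']         = TRUE;  // cookie hidden from JavaScript
defined('BASEPATH') OR exit('No direct script access allowed');

class MY_Controller extends CI_Controller
{
    const UA_KEY = 'ua_fingerprint'; // hypothetical session key

    public function __construct()
    {
        parent::__construct();
        $this->verify_user_agent();
    }

    // Call once from the login action, after the username/password check succeeds.
    protected function bind_session_to_user_agent()
    {
        // New session ID at the privilege change; TRUE destroys the old session row.
        $this->session->sess_regenerate(TRUE);
        $this->session->set_userdata(self::UA_KEY, $this->fingerprint());
    }

    // Destroy the session when the stored fingerprint does not match this request.
    protected function verify_user_agent()
    {
        $stored = $this->session->userdata(self::UA_KEY);
        if ($stored === NULL) {
            return; // not logged in yet, nothing to compare
        }
        if ( ! hash_equals($stored, $this->fingerprint())) {
            log_message('error', 'Session user agent mismatch from ' . $this->input->ip_address());
            $this->session->sess_destroy();
            $this->load->helper('url');
            redirect('login'); // hypothetical route
        }
    }

    // SHA-256 of the User-Agent header; an absent header hashes as the empty string.
    private function fingerprint()
    {
        return hash('sha256', (string) $this->input->user_agent());
    }
}
```

The User-Agent header is chosen by the client, so this check only rejects a cookie replayed from a different browser build. Keeping the cookie from leaking in the first place depends on HTTPS together with cookie_secure and cookie_httponly.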