Session hijacking problem

(This post was last modified: 10-06-2023, 02:36 AM by LuxesR.)

I have a question about ci_session. We build our own login system with a session. We found out that if you copy and paste the ci_session and put it in another browser, the user is logged in without seeing the login screen. I keep stuff as default as possible in CodeIgniter 4. But I changed $sessionMatchIP to true in app/Config/App.php:
PHP Code:
public $sessionMatchIP = true;

My question is, is there a downside of having this setting on true? It feels much safer. Are there more settings to change to prevent session hijacking?
Thanks in advance.

I found out that the location of this setting has been changed since v4.4.0, but the question remains the same.
Reply
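How IP matching changes the outcome of the copied-cookie test described in the post, as an added example that is not part of the original post and is not CodeIgniter's own code. It is a plain-PHP model: the SessionStore class, its methods and the describe() helper are hypothetical names, and the IP addresses are constructed documentation addresses.

```php
<?php
// Added illustration in plain PHP; not CodeIgniter code.
// SessionStore, login(), resume() and describe() are hypothetical names.
final class SessionStore
{
    /** @var array<string, array{ip: string, data: array}> */
    private array $rows = [];
    private bool $matchIP;

    public function __construct(bool $matchIP)
    {
        $this->matchIP = $matchIP;
    }

    // Issue a fresh random ID at login and record the IP it was issued to.
    public function login(string $user, string $ip): string
    {
        $id = bin2hex(random_bytes(16));
        $this->rows[$id] = ['ip' => $ip, 'data' => ['user' => $user]];
        return $id;
    }

    // Look up the session for a presented cookie value. With matching on,
    // a cookie arriving from another IP is treated as if no session existed.
    public function resume(string $id, string $ip): ?array
    {
        $row = $this->rows[$id] ?? null;
        if ($row === null || ($this->matchIP && $row['ip'] !== $ip)) {
            return null;
        }
        return $row['data'];
    }
}

function describe(?array $session): string
{
    return $session === null ? 'login required' : 'logged in as ' . $session['user'];
}

foreach ([false, true] as $matchIP) {
    $store  = new SessionStore($matchIP);
    $cookie = $store->login('alice', '203.0.113.10'); // constructed owner IP
    echo 'matchIP=' . var_export($matchIP, true) . PHP_EOL;
    // The same cookie value pasted into a browser on a different network.
    echo '  copied cookie, other IP: ' . describe($store->resume($cookie, '198.51.100.7')) . PHP_EOL;
    // The same cookie value used from behind the same NAT or proxy as the owner.
    echo '  copied cookie, same IP : ' . describe($store->resume($cookie, '203.0.113.10')) . PHP_EOL;
    // The owner after switching networks: indistinguishable from the first case.
    echo '  owner, new IP          : ' . describe($store->resume($cookie, '192.0.2.44')) . PHP_EOL;
}
```

In this model the IP check rejects the copied cookie only when it arrives from a different address, and it cannot tell that case apart from the owner moving to a new network.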


Messages In This Thread
Session hijacking problem - by LuxesR - 10-06-2023, 02:11 AM
RE: Session hijacking problem - by ozornick - 10-06-2023, 10:01 AM
RE: Session hijacking problem - by InsiteFX - 10-06-2023, 09:57 PM
RE: Session hijacking problem - by luckmoshy - 10-06-2023, 11:31 PM
RE: Session hijacking problem - by LuxesR - 10-11-2023, 05:54 AM


