Session fixation and Session hijacking attack
(06-28-2016, 01:21 AM)skunkbad Wrote: A quick read of this:

Hi Skunkbad,

Thanks for your reply. I was interested in this point:

Quote: Things that are contributing to the session hijacking protection:

I have searched on Google about that point and found this information:

http://stackoverflow.com/questions/63171...28#6317228

"Open your /application/config/config.php, locate "sess_use_database" and change it to "TRUE" if you haven't already. This way all session variables will be stored in a database table and session cookie will only contain session id string. For added security, you can also change "sess_match_ip" to TRUE. This way if someone steals your user's cookie and tries to pass it as their own, session will be destroyed."

My question: is that point enough?

Thanks
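
Added example, not part of the original post and not CodeIgniter's own code: a simplified PHP model of what the quoted answer describes, with session data kept server-side behind an ID-only cookie and the session destroyed when that ID arrives from a different IP address. The class and method names are hypothetical, an array stands in for the database table, and the addresses are constructed samples.

```php
<?php
// Simplified model of a server-side session store with IP binding.
// Hypothetical names; this is not the framework's implementation.
final class SessionStore
{
    /** @var array<string, array{ip: string, data: array}> stands in for the DB table */
    private array $rows = [];

    public function __construct(private bool $matchIp) {}

    // Create a session: the data stays server-side, the cookie gets only the ID.
    public function create(string $clientIp, array $data): string
    {
        $id = bin2hex(random_bytes(16));
        $this->rows[$id] = ['ip' => $clientIp, 'data' => $data];
        return $id;
    }

    // Load a session for a request; returns null when no valid session exists.
    public function read(string $cookieId, string $clientIp): ?array
    {
        if (!isset($this->rows[$cookieId])) {
            return null;                    // unknown or already destroyed ID
        }
        if ($this->matchIp && !hash_equals($this->rows[$cookieId]['ip'], $clientIp)) {
            unset($this->rows[$cookieId]);  // address mismatch: destroy the session
            return null;
        }
        return $this->rows[$cookieId]['data'];
    }
}

// Constructed sample addresses (documentation ranges).
$store  = new SessionStore(matchIp: true);
$cookie = $store->create('192.0.2.10', ['user_id' => 42]);

var_dump($store->read($cookie, '192.0.2.10') !== null);  // request from the owner's address
var_dump($store->read($cookie, '203.0.113.7') !== null); // same cookie presented from another address
var_dump($store->read($cookie, '192.0.2.10') !== null);  // owner again, after the session was destroyed
```

The check compares addresses only, so a request carrying the cookie from the same address is still accepted.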
Messages In This Thread
Session fixation and Session hijacking attack - by projack89 - 06-27-2016, 11:03 PM
RE: Session fixation and Session hijacking attack - by marksman - 06-27-2016, 11:06 PM
RE: Session fixation and Session hijacking attack - by Narf - 06-28-2016, 12:29 AM
RE: Session fixation and Session hijacking attack - by projack89 - 06-28-2016, 12:52 AM
RE: Session fixation and Session hijacking attack - by skunkbad - 06-28-2016, 01:21 AM
RE: Session fixation and Session hijacking attack - by projack89 - 06-28-2016, 02:39 AM