How to fix Session Hijacking issue in ci3
07-26-2023, 03:17 AM
(This post was last modified: 07-26-2023, 04:06 AM by vikasranjan. Edit Reason: Added additional information which may be relevant. )
Hi
If I copy the PHPSESSID value and paste it in a different browser, I am able to log in without a username and password. Please check my configuration as well and let me know how I can fix it.

$config['sess_driver'] = 'database';
$config['sess_save_path'] = 'ci_sessions';
$config['sess_use_database'] = TRUE;
$config['sess_cookie_name'] = 'ci_sessions';
$config['sess_expiration'] = 2700;
$config['sess_match_ip'] = TRUE;
$config['sess_time_to_update'] = 1;
$config['sess_regenerate_destroy'] = TRUE;
$config['sess_expire_on_close'] = TRUE;
$config['sess_encrypt_cookie'] = TRUE;
$config['sess_match_useragent'] = TRUE;

And sess_match_useragent is not getting stored in DB.
Ref: https://codeigniter.com/userguide3/libra...ase-driver

I have used this:

CREATE TABLE IF NOT EXISTS `ci_sessions` (
    `id` varchar(128) NOT NULL,
    `ip_address` varchar(45) NOT NULL,
    `timestamp` int(10) unsigned DEFAULT 0 NOT NULL,
    `data` blob NOT NULL,
    KEY `ci_sessions_timestamp` (`timestamp`)
);
There is no such config: sess_match_useragent
What is the exact issue?
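Since the reply points out that CodeIgniter 3 has no sess_match_useragent setting, a User-Agent check has to be done in application code. The following is an added example, not code from this thread or from CodeIgniter itself; the function names and the 'ua_hash' session key are hypothetical, and the User-Agent strings are constructed sample values.

```php
<?php
// Added example: bind a session to the browser's User-Agent in application
// code. Function names and the 'ua_hash' key are hypothetical.

/** Hash the User-Agent so the raw header is not kept in session data. */
function ua_fingerprint(string $userAgent): string
{
    return hash('sha256', $userAgent);
}

/** Call once after a successful login, right after regenerating the ID. */
function bind_session(array $session, string $userAgent): array
{
    $session['ua_hash'] = ua_fingerprint($userAgent);
    return $session;
}

/** Call on every authenticated request; FALSE means destroy the session. */
function session_matches(array $session, string $userAgent): bool
{
    if (!isset($session['ua_hash']) || !is_string($session['ua_hash'])) {
        return false; // session was never bound: treat as not logged in
    }
    // Constant-time comparison of the stored and current fingerprints.
    return hash_equals($session['ua_hash'], ua_fingerprint($userAgent));
}

// In CodeIgniter 3 the same calls would sit in the login method and in a
// base controller constructor, for example:
//   $ua = (string) $this->input->user_agent();
//   $this->session->sess_regenerate(TRUE);
//   $this->session->set_userdata('ua_hash', ua_fingerprint($ua));
//   ...
//   if (!session_matches($this->session->userdata(), $ua)) {
//       $this->session->sess_destroy();
//   }

// Constructed sample values; run with `php file.php` to see the three results.
$firefox = 'Mozilla/5.0 (X11; Linux x86_64; rv:115.0) Gecko/20100101 Firefox/115.0';
$chrome  = 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 Chrome/115.0 Safari/537.36';

$session = bind_session(['user_id' => 42], $firefox);
var_dump(session_matches($session, $firefox));          // same browser as login
var_dump(session_matches($session, $chrome));           // cookie moved to another browser
var_dump(session_matches(['user_id' => 42], $firefox)); // session without a binding
```

The User-Agent header is supplied by the client, so this check is only one signal; it belongs alongside sess_match_ip and the cookie_secure and cookie_httponly settings in config.php, which keep the session cookie off plain HTTP and out of reach of page scripts.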