Transferring sessions across domains
#11

[eluser]The Wizard[/eluser]
heheh thank you Smile

yes, thats true indeed.

So we make a special table and link it with the user's id (via the secret key).
In that table we store all the information about the user (browser type, IP etc.)
and compare it with the user who tries to log in via the secret key.

At least, this would bring a little bit of security Smile

I remember a prominent example where Gmail was subject to this kind of session
hijacking, where you could gain access to a Gmail account of your choice.

Smile
damn. security is hard.
#12

[eluser]simshaun[/eluser]
Here's an interesting article I found about sessions between domains:

http://www.melbournechapter.net/wordpres...-with-php/
#13

[eluser]The Wizard[/eluser]
Thank you Smile

i will read it right away.
#14

[eluser]The Wizard[/eluser]
Thanks Smile

This is very good information, I will keep it in mind while I'm building my system.

Thank you very very much.
#15

[eluser]The Wizard[/eluser]
Hello again friendsSmile

Dunno if it helps, but I want to share some custom code
I use myself. Maybe it's easy to develop, but I still
want to share it with you, so here it is.

Code:
/**
 * Build the fingerprint of the current request: the session's user id,
 * the client IP, and the user-agent details reported by the user_agent
 * library.
 *
 * NOTE(review): every user-agent field is taken from a header the client
 * sends, and an IP can change legitimately between requests (mobile
 * networks, proxies). Treat a match as one extra signal on top of the
 * session/secret key check, not as proof of identity.
 * NOTE(review): Custom_ReturnClientIP() is not shown here; if it trusts
 * forwarding headers, confirm it only does so behind a known proxy.
 *
 * @return array  keys: user_id, ip, agent_string, version, platform, is_browser
 */
function Security_BrowserInfo () {

        $this->load->library('user_agent');

        $fingerprint = array(
            'user_id' => $this->Session_UserID(),
            'ip'      => $this->Custom_ReturnClientIP(),
        );

        // Each remaining field is the result of the user_agent method of
        // the same name. is_referral is deliberately not collected.
        $agent = $this->agent;
        foreach ( array( 'agent_string', 'version', 'platform', 'is_browser' ) as $field )
        {
            $fingerprint[$field] = $agent->$field();
        }

        return $fingerprint;
    }


    function Security_StoreBrowserInfo( $data_browser ) {

        $this->load->helper('date');
        $data_browser['datetime']       = mdate( "%Y-%m-%d %H:%i:%s" );

        $this->db->insert( 'c88v2_user_account_info_browser', $data_browser );
    
    }


    function Security_returnBrowserInfo( $user_id ) {

        $this->db->select('user_id, ip, agent_string, version, platform, is_browser, is_referral');
        $this->db->from('c88v2_user_account_info_browser');

        $this->db->where('user_id', $user_id );
        $this->db->order_by("datetime", "desc");

        $this->db->limit( 1 );

        $query = $this->db->get();


        $num_rows = $query->num_rows();

        if ( $num_rows <= 0)
        {
            die ('nothing returned');
        }
        else
        {
            $row = $query->row_array();

            $data_browser_db['user_id']        = $row['user_id'];
            $data_browser_db['ip']             = $row['ip'];

            $data_browser_db['agent_string']   = $row['agent_string'];
            $data_browser_db['version']        = $row['version'];
            $data_browser_db['platform']       = $row['platform'];
            $data_browser_db['is_browser']     = $row['is_browser'];
            //$data_browser_db['is_referral']    = $row['is_referral'];

            return $data_browser_db;
        }
    }



    function Security_CheckBrowserInfo ( $user_id ) {

        $data_browser_db = $this->Security_returnBrowserInfo( $user_id );

        $data_browser = $this->Security_BrowserInfo();

//            DEBUG
//            echo '<pre>';
//            print_r( $data_browser_db );
//            echo '</pre>';
//
//
//            echo '<pre>';
//            print_r( $data_browser );
//            echo '</pre>';

        $result = array_diff( $data_browser_db, $data_browser );

        if ( count( $result ) > 0 )
        {
            return FALSE;
        }
        else
        {
            return TRUE;
        }

    }


    
    function Security_Key_Regenerate( $user_id ) {

        $key_secret = md5( uniqid( rand( 100, 99999999 ), TRUE ) );
        $data_user['user_key_secret']   = $key_secret;

        $this->db->where( 'user_id', $user_id );
        $this->db->update( 'c88v2_user_account', $data_user );

    }


It's a set of functions which may be of help to you, so I hope it's
useful Smile

take care friends Smile



