Questions tagged [session-hijacking]

Session hijacking is a type of network security attack that relies on "guessing" the initial sequence numbers (ISNs) of TCP packets and taking control of the communication. The attacker intercepts and retransmits messages so that the communication appears to be still ongoing. The attack is performed using a program that appears as a service to the client and as a client to the server.

118 questions
1 vote, 2 answers

asp.net membership LoginStatus control needs codes?

I'm using the LoginStatus control to let my users log out. I write no more code for the logout process (no session removing, deleting cookies or redirecting the user), just rely on the control's built-in code. Now I wonder if it is enough to put a…
0 votes, 1 answer

Pass HTTP session for third party site from server to client

Let's say my web app is acting on behalf of users who give their credentials to my app so the app can make API calls to a third party service. Incidentally, this is for posting product offers to this third party site (bit like eBay, but on a smaller…
Lumi
0 votes, 3 answers

PHP session hijack

Possible Duplicate: PHP Session Fixation / Hijacking. I've been using the $_SESSION superglobal a lot and heavily. However, the situation is like this: once the user is logged in I want to keep track of his ID (MySQL table). I can easily insert the id…
lukas.pukenis
0 votes, 1 answer

Trying to understand CakePHP cookies & authentication

I'm trying to figure out CakePHP cookies and meet my slightly unusual authentication requirements. I have a CakePHP-based data collection system that is now being integrated with a reporting system built with COTS software. The reporting system…
tomfumb
0 votes, 2 answers

Session Management and Security

This is my current session management: if(!isset($_SESSION["user"]["authenticated"]) || !$_SESSION["user"]["authenticated"]) redirect("login.php"); if($_SESSION["user"]["browserHash"] != md5($_SERVER["HTTP_USER_AGENT"])) …
Rolando Cruz
0 votes, 0 answers

Prevent Session Hijacking - Implement in React-Native (Axios)

I'm looking for a solution to implement proper session management and I want to prevent session hijacking. I have built a mobile application on React-Native and am making API calls using the Axios library. What I understand from the above Mitigation…
0 votes, 0 answers

Is session hijacking possible using same system and same browser?

Basically, I have two questions: A. Is session hijacking possible with the same system but two new instances of the browser (e.g. 1. New Window and 2. Incognito)? If yes, then how could I prevent session hijacking in this scenario? What I have tried is…
0 votes, 0 answers

How to obtain the session id from WebAuthenticationDetails and change it after login successful. I use org.acegisecurity to implement the session

Similar to this post I have been trying to change the session Id after login. I want to know if anyone has any useful pointers for preventing Session Hijack attack using WebAuthenticationDetails from acegisecurity.jar
0 votes, 0 answers

Comcast Wifi Hotspot Hijacking?

Does anyone have any idea of my weirdly put together question? From my observation of certain link redirects and a variety of developer-related coding that I noticed within the backlog of my Google Chrome or Firefox browser, it seems like my internet…
0 votes, 0 answers

Python TCP hijack attack to create directory on Linux

I have opened three terminals and logged into client, server and attacker containers. From here I made a telnet connection to the server from the client terminal. I located the most recent TCP connection using Wireshark and found the next sequence…
deezy
0 votes, 0 answers

Avoid session hijack within my own website

I recently created a small website where users can sign in (session is stored as a cookie with the flag HttpOnly). Users can create and upload their own files and share some of them with their friends/colleagues or even make them completely…
0 votes, 0 answers

How can I make a website more secured with a nodejs backend and reactjs frontend & mongodb as a database

I am making a social media project and I am using JWT tokens for authentication. I am worried that my JWT token can be stolen from my user's browser and used for malicious purposes.
Nikhil
0 votes, 2 answers

can we avoid session hijacking using spring security?

We are using Apache Tomcat as a server for our Spring MVC based web application. If a user has been logged in from a browser, let's say Chrome, and we copied its JSESSIONID and pasted into another browser, let's say Firefox, and then we are able to…
0 votes, 1 answer

Is it possible for a hacker to impersonate a user by stealing session token and then faking the user-agent, IP and other details?

The common practice followed in authenticating and then session tracking involves using session id retrieved from the client and then comparing the user details stored in the database to match the session id, user agent details, IP etc. Now, if a…
Ano
0 votes, 1 answer

Is PHP's session_regenerate_id() collision free?

I am currently working on a project in PHP (7.2). I call the session_regenerate_id() function on every request to prevent session hijacking attacks (it is a small part in the whole process of detecting a hijacked session). The question is the…