Questions tagged [session-hijacking]

Session hijacking is a type of network security attack that relies on "guessing" the initial sequence numbers (ISNs) of TCP packets and taking control over the communication. The attacker intercepts and retransmits messages so that the communication appears to still be on. The attack is performed using a program which appears as a service to the client and as a client to the server.

118 questions
0 votes, 1 answer

How to integrate these pieces of code to protect against session hijacking

I'm using these docs to integrate a certain level of protection against session hijacking (bottom of page). While I can understand the basics of what the article explains, I'm still new to all this and I'm just not able to pin-point what I should…
binoculars
0 votes, 0 answers

Securing my web app with CodeIgniter: holes?

I'm building a web app and want to add some "decent" level of security. It's not the next-generation banking platform, so overkill is not necessary. However, I do want protection against your local neighbourhood hacker, since the app has an…
binoculars
0 votes, 2 answers

Checking if a cookie has made it to the client's browser without waiting for the next connection

I am building a session control library that is designed to implement a (limited) form of security on the session store to prevent session hijacking (without SSL). It works by setting a nonce cookie, which is changed to a random string on every…
topherg
0 votes, 2 answers

Avoid session hijacking in site with HTTP

As I know, the only way to avoid session hijacking is HTTPS, but sometimes we don't want to use it, so I thought about an alternative way for it. I explain my way: can it be possible, or is it a good way? Think we have a third-party server (I called it Padra)…
Moein Hosseini
0 votes, 2 answers

PHP Session Hijacking Detected

I have this code: if (isset( $_SESSION['user_agent'] )) { if ($_SESSION['user_agent'] != md5( $_SERVER['HTTP_USER_AGENT'] )) { die('Session error.'); } } Everything works fine. But every time I login (once per 24 hours), I get…
user1453094
0 votes, 2 answers

What's the error in this Python code?

What do I do to solve it? Terminal output is: abhi@abhi-desktop:~/Desktop/sslstrip-0.1$ python sslstrip.py --listen=3130 Traceback (most recent call last): File "sslstrip.py", line 254, in main(sys.argv[1:]) File "sslstrip.py", line 246,…
Abhijeet Rastogi
0 votes, 1 answer

suPHP Security With Sessions

I am trying to better understand suPHP. I have obviously found the suPHP documentation on Google, and have found the generic answers for what it is and does, but I am confused on how it can help with session security and preventing session…
ZAX
0 votes, 2 answers

Securing sessions using unique information

To avoid session hijacking after a user has logged in, what information can I rely on during the login process to validate that it is indeed the legitimate user, so that someone who intercepts the session to relay it will be invalidated? Are their IP address and…
Deeptechtons
0 votes, 2 answers

Using Session_regenerate_id()

Why is it always recommended that session_regenerate_id() should be used before the user's session is created? As per my perception, session_regenerate_id() should be used once the user session id is created, and we need to re-generate it so as to…
Troy
0 votes, 1 answer

Does Storing Sessions In Database Prevent Hijacking/Fixation

After many hours of frustration, I've managed to write a script that stores PHP sessions in the database. My question is, does this prevent session hijacking and/or fixation? Thanks in advance.
user870283
-1 votes, 1 answer

How does this sound? Sessions & Cookies?

Cookies and sessions both have pros and cons. But I was thinking, how about when a user logs in it creates a session with their username and password in, but when they register they get given a unique 'access token'. So when they login it will…
frankmeacey
-1 votes, 1 answer

Hijacking my own session in different browsers

I am trying to get logged in my web application with Firefox while I am logged in with chrome. I want to use the same cookies I have in chrome, append them in Firefox and find myself logged-in. Is this the correct way to do so?
OEH
-1 votes, 1 answer

Auto login on other tabs when one tab is logged in

Alright, I'm trying to test session fixation/hijacking on my localhost. I'm trying to give my URL with the SID from the attacker to the victim and let the victim log in at that URL. But when the victim logs in, the attacker refreshed the page and still in the…
Lozy