Session hijacking

by: Bart Schapendonk

August 20, 2000

This code prevents session hijacking. It compares the ip number of the creator with that of the user of the session. If they don't match it gives an error. BTW $sid is my session variable.

session_start();

if(!isset($sid) || empty($sid))
{
   $sess_addr = $REMOTE_ADDR;
   session_register(sess_addr);
}
elseif($sess_addr != $REMOTE_ADDR)
{
   echo "This sessions has been hijacked.";
   extt;
}

Comment and Contribute

0 Comments (click to add your comment)

Your comment has been submitted and is pending approval.

Author:

Bart Schapendonk

Comment:

Name/nickname:
Email:

Comment:

(Maximum characters: 1200). You have characters left.