PHPBuilder - Session hijacking



RSS Twitter
Tips Application Architecture

Session hijacking

by: Bart Schapendonk
|
August 20, 2000

This code prevents session hijacking. It compares the ip number of the creator with that of the user of the session. If they don't match it gives an error. BTW $sid is my session variable.
session_start();

if(!isset($sid) || empty($sid))
{
   $sess_addr = $REMOTE_ADDR;
   session_register(sess_addr);
}
elseif($sess_addr != $REMOTE_ADDR)
{
   echo "This sessions has been hijacked.";
   extt;
}

Comment and Contribute

Your comment has been submitted and is pending approval.

Author:
Bart Schapendonk

Comment:



Comment:

(Maximum characters: 1200). You have characters left.