473,399 Members | 3,401 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > php > questions > regarding session security

Join Bytes to post your question to a community of 473,399 software developers and data experts.

Regarding Session Security

I've been delving into persistent sessions more, and I'm just wondering...
To prevent session-snatching (by someone else using the same session ID),
would putting the IP address as a session variable, and checking that on
every page, be an effective deterrent? This still allows for IP spoofing,
but anyone going that far can have it, as far as I care.

--
-- Rudy Fleminger
-- sp@mmers.and.evil.ones.will.bow-down-to.us
(put "Hey!" in the Subject line for priority processing!)
-- http://www.pixelsaredead.com
Jul 17 '05 #1
1 1606
FLEB <so*********@mmers.and.evil.ones.will.bow-down-to.us> writes:
I've been delving into persistent sessions more, and I'm just wondering...
To prevent session-snatching (by someone else using the same session ID),
would putting the IP address as a session variable, and checking that on
every page, be an effective deterrent? This still allows for IP spoofing,
but anyone going that far can have it, as far as I care.


Whether the check you describe would be reliable and effective
depends on your environment. Do your users have a 1:1 mapping with
IP addresses? Does a particular user always use the same IP address?
These conditions may be true in certain environments, but they're
not true on the Internet.

--
Michael Fuhr
http://www.fuhr.org/~mfuhr/
Jul 17 '05 #2
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

6
Question regarding GET and POST
by: stuie... | last post by:
First off, I'm a newbie to PHP and server side scripting. I'm curious if there are any specific guidelines as to when one should use "GET" or "POST" in forms processing. I've had issues moreso...
PHP
1
Why is Session working for all users except one?
by: Scott Wickham | last post by:
I'm having a problem saving session information on one form and retrieving it on a subsequent form...for only one out of a number of users. Actually, I'm not absolutely certain it's a session...
.NET Framework
1
Question regarding bypassing security
by: tim almond | last post by:
I currently have a system where the client has a login page which has a SQL server database behind it and does authentication. The client wants to have a page which can be logged into by passing...
ASP.NET
9
Losing session values
by: Adrian Parker | last post by:
We have a website that works everywhere but on a few PCs on this one site.. Asp.Net 1.1 Server = Windows 2003 Client = XP In the web.config we use - cookieless="false" in the browser settings...
ASP.NET
2
Question regarding ASP.NET Sessions...
by: Dean R. Henderson | last post by:
For an ASP.NET web application, is there a way for one session (with appropriate security authorization) to set a HttpSessionState variable to point to another session and execute the Abandon...
ASP.NET
8
question regarding OR clause with fietch first 1 row only
by: Roger | last post by:
I have a question regarding the behaviour of sql with OR and fetch first 1 rows only : I have a table with data : ACNO NAME TELNO CITY ZIP 1000 ...
DB2 Database
6
Session
by: Bhagya | last post by:
Hello, On the LogOut Page i have done Session.Abandon(); And on every Page, In the Page_Load Event i check if the session exists and only then display data. Now the problem is after i logout from...
ASP.NET
43
why a session-based program behaves different on different computers
by: davidkoree | last post by:
I mean not about cookie. Does it have something to do with operating system or browser plugin? I appreciate any help.
PHP
13
maintain a single session across multiple servers
by: Samir Chouaieb | last post by:
Hello, I am trying to find a solution to a login mechanism for different domains on different servers with PHP5. I have one main domain with the user data and several other domains that need...
PHP
0
How to turn on java script in a villaon keypad mobile phone
by: Charles Arthur | last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
Java
0
Migrating Website to Cloud - Emmanuel Katto
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
General
0
BarryA
Navigating the Data Structures and Algorithms (DSA)
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
Algorithms / Advanced Math
1
Is that possible of reading the .csv file in column wise and the column have different lengths ?
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
C / C++
0
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Windows Server
0
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++
0
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Online Marketing
0
isladogs
Access Europe - Using VBA to create a class based on a table - Wed 1 May
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new...
Microsoft Access / VBA

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!