Understanding Session ID
View Single Post
12-16-2008, 02:47 PM
Join Date: Oct 2008
I always use HTTP_USER_AGENT and regenerate_id() on every page that is suppose to be secure.
You can put (mail) function under the echo if you really want to send an email whenever the session does not match the HTTP_USER_AGENT.
You can also use md5 to generate an encryption session
All these little stuff help you stop Session Hijacking.
Last edited by 9three : 08-12-2009 at
View Public Profile
Send a private message to 9three
Find More Posts by 9three