12-16-2008, 02:47 PM   #2
9three

I always use HTTP_USER_AGENT and regenerate_id() on every page that is supposed to be secure.

You can put the mail() function under the echo if you really want to send an email whenever the session does not match the HTTP_USER_AGENT.

You can also use md5 to generate an encryption session.

All this little stuff helps you stop session hijacking.

Last edited by 9three : 08-12-2009 at 02:19 PM.
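The check described in the post above, as an added example that is not part of the original post: it binds the session to a hash of HTTP_USER_AGENT and rotates the session ID on each protected page. The function names `ua_fingerprint` and `secure_session_check` are hypothetical, SHA-256 is swapped in for the md5 the post mentions, and the real PHP call used for rotation is `session_regenerate_id()`.

```php
<?php
// Added example (not the poster's code). Helper names are hypothetical.

function ua_fingerprint(array $server): string
{
    // Store a hash of the header, not the raw value. SHA-256 is used here
    // in place of md5; a missing header hashes as the empty string.
    return hash('sha256', $server['HTTP_USER_AGENT'] ?? '');
}

/**
 * Returns true when the session may continue, false when it was torn down
 * because the User-Agent no longer matches the one recorded at first use.
 */
function secure_session_check(array $server): bool
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $current = ua_fingerprint($server);

    if (!isset($_SESSION['ua'])) {
        // First request on this session: record the fingerprint.
        $_SESSION['ua'] = $current;
    } elseif (!hash_equals($_SESSION['ua'], $current)) {
        // Mismatch: discard the session data and the server-side record.
        // This is the branch where an alert (for example mail()) would go.
        $_SESSION = [];
        session_destroy();
        return false;
    }

    // Issue a fresh ID and delete the old session record, so an ID that
    // was captured earlier stops working.
    session_regenerate_id(true);
    return true;
}

// Call at the top of every page that must be protected.
if (!secure_session_check($_SERVER)) {
    http_response_code(403);
    exit('Session check failed.');
}
```

The User-Agent header is sent by the client and can be copied along with the cookie, so this check is one weak signal and not a replacement for HTTPS-only, HttpOnly session cookies. Rotating the ID on every request can also invalidate sessions for clients that send requests in parallel.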