Questions tagged [session-fixation]

Session fixation is a security vulnerability that occurs when an application authenticates a user, or otherwise establishes a new user session, without invalidating the existing session identifier. An attacker who planted that identifier beforehand can then use the now-authenticated session, so the flaw gives attackers the opportunity to steal authenticated sessions.

60 questions
0 votes, 1 answer

php session.use_cookies and session fixation attacks

I had a look at this post, but I do not understand if using this code I'm vulnerable to session fixation…
user3542686
0 votes, 1 answer

Spring Security 3.2 CSRF Token - How to be protected when the POST params are modified by intercepting the POST request?

I am new to Spring Security; with the help of tutorials I could set up in-memory authentication and a CSRF token. This works fine; users are authenticated and tokens are generated. Issue: When I intercept my own form post using Fiddler and modify the POST…
0 votes, 0 answers

Session fixation using tomcat7 configuration

My entire application runs on SSL (https). We are using tomcat7 as the container. Now in context.xml I have added the configuration below, and I am expecting that after a successful login the JSESSIONID will be changed - Valve…
Kartic • 2,935 • 5 • 22 • 43
0 votes, 2 answers

ZF2: How to implement session timeout and a session fixation fix

I want my sessions to expire after 30 minutes of inactivity; however, when I set this up, my users are getting logged out randomly, even though they may have had only a few seconds of inactivity. I think the problem lies with regenerating the session…
DatsunBing • 8,684 • 17 • 87 • 172
0 votes, 1 answer

Securing Login Form using IP Address

I have a users table and it contains the ff. uid username password ip Here is the scene: If UserA was successfully logged in, the IP row will insert an IP so that if someone attempts to log in or attack, it will check first if the IP exists (meaning:…
0 votes, 4 answers

Secure Member Login Using Cookies

Is storing the username & password of the user in a cookie a good practice? I really want to know how big websites (like Facebook, Digg, Twitter) handle this. My code is like that:
MoeAmine • 5,976 • 2 • 18 • 21
0 votes, 2 answers

Where to put session_regenerate_id() in a login script in PHP

I am creating a login script and I need to know where exactly I should put the session_regenerate_id() function when I want to log the user in. The way I do it is like this: $user_id = $general->login($username,…
Sameer Zahid • 553 • 1 • 9 • 20
0 votes, 1 answer

Session fixation, still an issue with register_globals off?

I've been reading into some articles about PHP security, and I came across this article: http://shiflett.org/articles/session-fixation This article describes that one can easily fixate a session by passing the PHPSESSID variable in a url request…
Gabi Barrientos • 1,746 • 3 • 23 • 37
0 votes, 2 answers

What do these examples about session fixation mean?

the first example "; ?> the second example
Roy • 731 • 3 • 10 • 24
0 votes, 2 answers

Spring's SessionFixationProtectionStrategy kills CDI Conversation under JBoss / Weld

I have an object that's marked as @ConversationScoped and is used between many steps of a wizard. This works perfectly except that when my users are logging in, the SessionFixationProtectionStrategy of Spring calls the session.invalidate() method to…
user1054394
0 votes, 1 answer

Does Storing Sessions In Database Prevent Hijacking/Fixation

After many hours of frustration, I've managed to write a script that stores PHP sessions in the database. My question is, does this prevent session hijacking and/or fixation? Thanks in advance.
user870283
-1 votes, 1 answer

Auto login on other tabs when one tab is logged in

Alright, I'm trying to test session fixation/hijacking on my localhost. I'm trying to give my URL with the SID from the attacker to the victim and let the victim log in at that URL. But when the victim logs in, the attacker refreshes the page and is still in the…
-1 votes, 1 answer

Is session fixation possible if not using POST and/or GET?

From what I can read online, it appears that session fixation attacks are caused by session_id information being passed through query strings in the url, or possibly through POST. For my website, I never pass the session information through GET or…
brent ryczak • 15 • 1 • 3
-1 votes, 1 answer

How to do session fixation?

Can someone explain to me how session fixation really works? On my localhost server I uploaded a file with this code:
-1 votes, 1 answer

Why is regenerating the session not a solution for preventing spoofing?

After hours of reading and trying to understand sessions, this is my general conclusion/perspective: Simple (and realistic) situation: An attacker takes an existing website 'website.example.com' and puts a random SID behind the URL '9gag.com/?SID=1234' …
user1178560 • 313 • 1 • 4 • 14