Session hijacking is a type of network security attack that relies on "guessing" the ISNs of TCP packets and taking control of the communication. The attacker intercepts and retransmits messages such that the communication is kept alive. The attack is performed using a program which appears as a service to the client and as a client to the server.
Questions tagged [session-hijacking]
119 questions
0 votes, 0 answers
Securing my web app with codeigniter: holes?
I'm building a web app and want to add some "decent" level of security. It's not the next generation banking platform, so overkill is not necessary. However, I do want protection against your local neighbourhood hacker, since the app has an…

binoculars
0 votes, 2 answers
Checking if a cookie has made it to the client's browser without waiting for the next connection
I am building a session control library that is designed to implement a (limited) form of security on the session store to prevent session hijacking (without SSL).
It works by setting a nonce cookie, which is changed to a random string on every…

topherg
0 votes, 2 answers
Avoid session hijacking in site with http
As I know, the only way to avoid session hijacking is HTTPS, but sometimes we don't want to use it, so I am thinking about an alternative way for it.
I will explain my way; is it possible, and is it a good way?
Think we have a third-party server (I called it Padra)…

Moein Hosseini
0 votes, 2 answers
PHP Session Hijacking Detected
I have this code:
    if (isset( $_SESSION['user_agent'] )) {
        if ($_SESSION['user_agent'] != md5( $_SERVER['HTTP_USER_AGENT'] )) {
            die('Session error.');
        }
    }
Everything works fine. But every time I log in (once per 24 hours), I get…

user1453094
0 votes, 2 answers
What's the error in this Python code?
What do I do to solve it?
Terminal output is:
abhi@abhi-desktop:~/Desktop/sslstrip-0.1$ python sslstrip.py --listen=3130
Traceback (most recent call last):
  File "sslstrip.py", line 254, in <module>
    main(sys.argv[1:])
  File "sslstrip.py", line 246,…

shadyabhi
0 votes, 1 answer
suPHP Security With Sessions
I am trying to better understand suPHP.
I have obviously found the suPHP documentation on Google, and have found the generic answers for what it is and does, but I am confused on how it can help with session security and preventing session…

ZAX
0 votes, 2 answers
Securing Sessions using unique information
To avoid session hijacking after a user has logged in, what information can I rely on during the login process to validate that it is indeed the legitimate user, so that someone who intercepts the session to relay it will be invalidated?
Are their IP address and…

Deeptechtons
0 votes, 2 answers
Using Session_regenerate_id()
Why is it always recommended that session_regenerate_id() should be used before the user's session is created?
As per my perception, session_regenerate_id() should be used once the user session id is created, and we need to re-generate it so as to…

Troy
0 votes, 1 answer
Does Storing Sessions In Database Prevent Hijacking/Fixation
After many hours of frustration, I've managed to write a script that stores PHP sessions in the database. My question is, does this prevent session hijacking and/or fixation?
Thanks in advance.
user870283
-1 votes, 1 answer
How does HTTPS/TLS/SSL prevent Session Hijacking?
I've been reading from (how do https prevent session hijacking) where it says that the hijacker will only see encrypted data and not the plain text, hence it is not possible for them to hijack the session.
But given the actual user is also sending…

Kraken
-1 votes, 1 answer
How to protect Laravel session hijacking
I am struggling against hackers now.
My project is in Laravel.
Not sure how, but they are getting the administrator session and doing all things in the project now.
I researched on the Internet and they are saying it is Laravel session hijacking.
Anyone who…

todayforfuture
-1 votes, 1 answer
How does this sound? Sessions & Cookies?
Cookies and sessions both have pros and cons. But I was thinking, how about when a user logs in it creates a session with their username and password in, but when they register they get given a unique 'access token'.
So when they log in it will…

frankmeacey
-1 votes, 1 answer
Hijacking my own session in different browsers
I am trying to get logged in to my web application with Firefox while I am logged in with Chrome.
I want to use the same cookies I have in Chrome, append them in Firefox and find myself logged in.
Is this the correct way to do so?

OEH
-1 votes, 1 answer
Auto login on other tabs when one tab is logged in
Alright, I'm trying to test session fixation/hijacking on my localhost.
I'm trying to give my URL with SID from the attacker to the victim and let the victim log in at that URL. But when the victim logs in, the attacker refreshes the page and is still in the…

Lozy