Faks Posted October 14, 2010 Share Posted October 14, 2010 Here is my Session Custom Protection not sure does it is effective but i do hope . session_start(); // Sessija Aizkodēšana $session_data = session_encode(); //Sessijas id maiņa $old_session_id = session_id(); session_regenerate_id(); $new_session_id = session_id(); $token = uniqid(sha1(rand(), true)); $_SESSION['token'] = $token; $fingerprint = 'SHIFLETT' . $_SERVER['HTTP_USER_AGENT']; isset($_SESSION['fingerprint']) == (sha1($fingerprint . session_id())); And also for login form i added . <form> <input type='hidden' name='token' value='{$token}'/> </form> I Wonder Why i do encounter them and a lot of them ^^ maybe i am misunderstanding Access Me String Test Results http://faksx.sytes.net/blogs/ :: Cookie Attack Details: * Input Parameter: PHPSESSID The attacked page is dangerously similar to the original page. It is 99.115% similar. Got access to a resource that should be protected. Server response code: 200 OK. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.