Login   Register  
PHP Classes
elePHPant
Icontem

Secure Session

Recommend this page to a friend!
Stumble It! Stumble It! Bookmark in del.icio.us Bookmark in del.icio.us

  Author  
Picture of Vagharshak Tozalakyan
Name: Vagharshak Tozalakyan <e-mail contact>
Packages: 28 Browse all classes by Vagharshak Tozalakyan Browse all classes by
Country: Armenia Armenia - PHP jobs in Armenia
Age: 33
All time rank: 61 in Armenia Armenia
Week rank: 30 Down1 in Armenia Armenia Equal
Innovation award
Innovation award
Nominee: 7x


  Detailed description   Download .zip .tar.gz  
This class can be used to prevent security attacks known as session hijacking and session fixation.

When a session is initialized the class computes a fingerprint string that takes in account the browser user agent string, the user agent IP address or part of it and a secret word. If the fingerprint value changes, it is very likely that the session was hijacked and it should no longer be accepted.

To prevent session fixation attacks the calls the PHP session_regenerate_id() function so the session identifier changes everytime the session is checked.

  Classes of Vagharshak Tozalakyan  >  Secure Session  >  Download .zip .tar.gz  >  Support forum Support forum (20)  >  Blog Blog  >  RSS 1.0 feed RSS 2.0 feed Latest changes  
Name: Secure Session
Support forum Support forum
Base name: secure_session
Description: Prevent session hijacking or session fixation
Version: -
PHP version: -
License: GNU General Public License (GPL)
All time users: 12785 users
All time rank: 69
Week users: 7 users
Week rank: 332 Down
 
  Groups   Rate classes User ratings   Trackback   Applications   Files Files  

  Groups  
Group folder image User Management User records, authentication and session handling View top rated classes
Group folder image Security Security protection and attack detection View top rated classes


  Innovation Award  
PHP Programming Innovation award nominee
January 2006
Number 2

Prize: One book of choice by O'Reilly
 Sessions have become one of possible features that can be exploited to perform security attacks to PHP sites.

Sessions are not insecure by themselves, but if they are not used with a certain care, they may be eventually abused by malicious users.

Session hijacking abuses can happen when somebody with privileged network access can sniff traffic that goes to potential victim site. Session fixation abuses can happen when a site uses the same session identifier for the same user before and after he authenticates to log in.

This class provides a solution to prevent these kinds of session abuses to prevent that PHP sites that use sessions become compromised.

Manuel Lemos

  User ratings  
Ratings
Utility
Consistency
Documentation
Examples
Tests
Videos
Overall
Rank
All time:
Good (91.1%)
Good (87.5%)
-
Good (84.9%)
-
-
Sufficient (62.8%)
622
Month:
Not yet rated by the users

  Trackback links  
Link Description
PHP Session Management There is no such thing as a 100% secure anything in this world of hackers/counter hackers...
Latest blog trackback links Latest blog trackback links

  Applications that use this class  
No application links were specified for this class.
Add link image If you know an application of this package, send a message to the author to add a link here.
  Files folder image Files  
File Role Description
Files folder imagesample (2 files)
Plain text file securesession.class.php Class Source

  Files  /  Files folder image sample  
File Role Description
  Accessible without login Plain text file index.php Example Sample
  Accessible without login Plain text file login.php Example Sample

Download all files: secure_session.tar.gz secure_session.zip
NOTICE: if you are using a download manager program like 'GetRight', please Login before trying to download this archive.