
Secure Session: Prevent session hijacking or session fixation


Author: Vagharshak Tozalakyan
Country: Armenia
  Detailed description  
This class can be used to prevent security attacks known as session hijacking and session fixation.

When a session is initialized, the class computes a fingerprint string that takes into account the browser user agent string, the user agent IP address or part of it, and a secret word. If the fingerprint value changes, it is very likely that the session was hijacked and it should no longer be accepted.

To prevent session fixation attacks, the class calls the PHP session_regenerate_id() function so the session identifier changes every time the session is checked.
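
The fingerprint-and-regenerate scheme described above, as an added sketch that is not the code in securesession.class.php: the function names, the `fingerprint` session key, the placeholder secret and the use of HMAC-SHA256 to mix in the secret word are all assumptions made for illustration.

```php
<?php
// Added illustration; every name here is hypothetical, not the package's API.
const FP_SECRET    = 'replace-with-a-long-random-secret'; // constructed placeholder
const FP_IP_OCTETS = 2; // bind to the first N IPv4 octets ("part of" the address)

// Fingerprint = keyed hash over user agent + partial client address.
function session_fingerprint(array $server): string
{
    $ua = $server['HTTP_USER_AGENT'] ?? '';
    $ip = $server['REMOTE_ADDR'] ?? '';
    // An IPv6 address contains no dots, so it is bound as a whole.
    $ipPart = implode('.', array_slice(explode('.', $ip), 0, FP_IP_OCTETS));
    return hash_hmac('sha256', $ua . '|' . $ipPart, FP_SECRET);
}

// Call once, right after the credentials have been verified.
function secure_session_open(array $server): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    // New identifier at login: an ID planted before login becomes useless.
    session_regenerate_id(true);
    $_SESSION['fingerprint'] = session_fingerprint($server);
}

// Call at the top of every protected page; false means "treat as logged out".
function secure_session_check(array $server): bool
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $stored = $_SESSION['fingerprint'] ?? null;
    // hash_equals() compares in constant time.
    if (!is_string($stored) || !hash_equals($stored, session_fingerprint($server))) {
        $_SESSION = [];
        session_destroy(); // mismatch: drop the session instead of trusting it
        return false;
    }
    // Rotate the identifier on each check, as the description states.
    // Deleting the old session can break concurrent requests from one client.
    session_regenerate_id(true);
    return true;
}
```

A login script would call `secure_session_open($_SERVER)` after authentication, and each protected page would call `secure_session_check($_SERVER)` and redirect to the login form when it returns false.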

Name: Secure Session
Base name: secure_session
Description: Prevent session hijacking or session fixation
Version: 1.0.0
PHP version: -
License: GNU General Public License (GPL)
All time users: 13221 users
All time rank: 72
Week users: 6 users
Week rank: 249 Down
 

  Groups  
User Management: User records, authentication and session handling
Security: Security protection and attack detection


  Innovation Award  
PHP Programming Innovation award nominee
January 2006
Number 2


Prize: One book of choice by O'Reilly
Sessions have become one of the possible features that can be exploited to perform security attacks on PHP sites.

Sessions are not insecure by themselves, but if they are not used with a certain care, they may be eventually abused by malicious users.

Session hijacking abuses can happen when somebody with privileged network access can sniff traffic that goes to a potential victim site. Session fixation abuses can happen when a site uses the same session identifier for the same user before and after he authenticates to log in.

This class provides a solution to prevent these kinds of session abuses, so that PHP sites that use sessions do not become compromised.

Manuel Lemos

  User ratings  
All time ratings:
Utility: Good (91%)
Consistency: Good (87%)
Documentation: -
Examples: Good (84%)
Tests: -
Videos: -
Overall: Sufficient (62%)
Rank: 664
Month: Not yet rated by the users

  Pages that reference this package  
PHP Session Management
There is no such thing as a 100% secure anything in this world of hackers/counter hackers...



  Applications that use this package  
No pages of applications that use this class were specified.
  Files  
File | Role | Description
sample (2 files) | |
securesession.class.php | Class | Source

  Files / sample  
File | Role | Description
index.php | Example | Sample
login.php | Example | Sample
