How to prevent Session and Cookie Hacking?
Tagged: PHP Programming
This thread contains 1 reply, has 2 voices, and was last updated by darshan.soni007 2 years, 2 months ago.
- February 7, 2019 at 1:38 pm #53273
Hello Sonal,
Session and cookie hacking can’t breach the database or the web application, but it can yield user accounts. A session is an entity triggered when users begin contact with a web server, and it consists of a period of communication between users and the web application which is authenticated using security measures like a username and password.
Steps to prevent hacking:
- In order to prevent hackers from setting session IDs prior to login, IDs should be changed often; therefore, the session_regenerate_id() function should be used every time the user logs in, assigning them a fresh ID.
- The risk of this hacking can be mitigated by revalidating a user who is about to perform sensitive tasks like resetting their password (i.e. by making them re-enter their old password).
- If the user’s password is to be stored in a session variable, it needs to be encrypted (using the sha1() function).
- If your web application is handling sensitive information like debit and credit card numbers, then using an SSL or any other secured connection can also prevent session and cookie hacking.
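
Added example (not part of the original reply): a PHP sketch of the login and re-validation steps listed above, with the session cookie restricted to HTTPS. The function names and `$storedHash` are hypothetical; the hash is assumed to come from the user table and to have been created with `password_hash()`, and the session holds only the user ID rather than the password.

```php
<?php
declare(strict_types=1);
// Hypothetical helpers for illustration. Requires PHP 7.3+ (array cookie params).

function start_secure_session(): void
{
    // Cookie travels only over HTTPS, is hidden from JavaScript, and is not sent cross-site.
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Strict',
    ]);
    ini_set('session.use_strict_mode', '1'); // reject session IDs the server did not issue
    session_start();
}

function login(string $password, string $storedHash, int $userId): bool
{
    if (!password_verify($password, $storedHash)) {
        return false;
    }
    // Fresh ID at every login; true deletes the old session, so an ID set before login is useless.
    session_regenerate_id(true);
    $_SESSION['user_id']   = $userId;
    $_SESSION['reauth_at'] = 0; // no recent password re-entry yet
    return true;
}

function reauthenticate(string $password, string $storedHash): bool
{
    // Called when the user re-enters the old password before a sensitive task.
    if (!isset($_SESSION['user_id']) || !password_verify($password, $storedHash)) {
        return false;
    }
    $_SESSION['reauth_at'] = time();
    return true;
}

function may_do_sensitive_action(int $maxAgeSeconds = 300): bool
{
    // Allow password reset and similar tasks only shortly after re-validation.
    return isset($_SESSION['user_id'])
        && (time() - ($_SESSION['reauth_at'] ?? 0)) <= $maxAgeSeconds;
}
```

Call `start_secure_session()` at the top of each request, and check `may_do_sensitive_action()` before handling a password reset or similar form.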