Forum

How to prevent Session and Cookie Hacking?

This thread contains 1 reply, has 2 voices, and was last updated by  darshan.soni007 5 months, 1 week ago.

  • Author Replies
  • #53271

    How to prevent Session and Cookie Hacking?


  • #53273

    Hello Sonal,

    The session and cookie hacking can’t breach the database or the web application, but it can yield user accounts. A session is an entity triggered when users begin contact with a web server and consists of a period of communication between users and web application which is authenticated using security measures like a username and password.

     

    Steps to prevent hacking:

    -In order to prevent hackers from setting session ID’s prior to login, ID’s should be changed often, therefore, the session_regenerate_id() function should be used every time the user logs in, assigning them a fresh ID.

    -The risk of this hacking can be mitigated by revalidating a user who is about to perform sensitive tasks like resetting their password (i.e. by making them re-enter their old password).

    -If the user’s password is to be stored in a session variable, it needs to be encrypted (using the sha1() function).

    -If your web application is handling sensitive information like debit and credit card numbers, then practicing an SSL or any other secured connection can also prevent session and cookie hacking


You must be to reply to this thread.Please or . Registration is 100% free.

GET FREE CONSULTATION

Call Us Now For Free Consultation97370 05566

Our experts listen to you patiently and suggest you the right course after conducting a personality profile test. Register your interest below to schedule personality profile test for you.

SUBSCRIBE TO OUR NEWSLETTER

Contact Us

Working Hours

  • Monday9:00 AM – 9:00 PM
  • Tuesday9:00 AM – 9:00 PM
  • Wednesday9:00 AM – 9:00 PM
  • Thursday9:00 AM – 9:00 PM
  • Friday9:00 AM – 9:00 PM
  • Saturday9:00 AM – 9:00 PM
  • SundayClosed
Copyright 2016-2019 Smart Mentors. All Rights Reserved.

Login

FORGOT PASSWORD

Sign up now to Become An Instructor

Register your Interest