How to prevent Session and Cookie Hacking?
Thread Tags
Adobe Illustrator Adobe InDesign Adobe Photoshop Android Development Android Programming Android Studio Automation Testing C / C++ Programming Career Options College Lounge css digital marketing Digital Marketing / SEO Fireworks Graphic Design Graphic designing Graphics Design Graphics Designing HTML? Illustrator Internship Training logo Design logo designing Magento Photoshop PHP Programming QA react-native Scroll Website SEO Single Page Website Stock Managment System Testing Typography UI UI/UX Development UI Design UI Designing UI development User Interface UX Design Web Designing Website Design Wordpress wpLogin
Log in with your username and password
Register for free!
Registration at Smart Mentors is completely free and takes only a few seconds. By registering you’ll gain:
- Full Posting Privileges.
- Access to Private Messaging.
- Optional Email Notification.
- Ability to Fully Participate.
Register Now, or check out the Site Tour and find out everything Smart Mentors has to offer.
Tagged: PHP Programming
This thread contains 1 reply, has 2 voices, and was last updated by 
darshan.soni007 1 year, 8 months ago.
- Author Replies
- February 7, 2019 at 1:38 pm #53273
Hello Sonal,
The session and cookie hacking can’t breach the database or the web application, but it can yield user accounts. A session is an entity triggered when users begin contact with a web server and consists of a period of communication between users and web application which is authenticated using security measures like a username and password.
Steps to prevent hacking:
-In order to prevent hackers from setting session ID’s prior to login, ID’s should be changed often, therefore, the session_regenerate_id() function should be used every time the user logs in, assigning them a fresh ID.
-The risk of this hacking can be mitigated by revalidating a user who is about to perform sensitive tasks like resetting their password (i.e. by making them re-enter their old password).
-If the user’s password is to be stored in a session variable, it needs to be encrypted (using the sha1() function).
-If your web application is handling sensitive information like debit and credit card numbers, then practicing an SSL or any other secured connection can also prevent session and cookie hacking
- AuthorPosts
You must be logged in to reply to this thread.Please login or register. Registration is 100% free.
