How to prevent Session and Cookie Hacking?
- February 7, 2019 at 1:38 pm #53273
Session and cookie hacking can’t breach the database or the web application, but it can yield user accounts. A session is an entity triggered when users begin contact with a web server, and it consists of a period of communication between users and the web application which is authenticated using security measures like a username and password.
Steps to prevent hacking:
- In order to prevent hackers from setting session IDs prior to login, IDs should be changed often; therefore, the session_regenerate_id() function should be used every time the user logs in, assigning them a fresh ID.
- The risk of this hacking can be mitigated by revalidating a user who is about to perform sensitive tasks like resetting their password (i.e. by making them re-enter their old password).
- If the user’s password is to be stored in a session variable, it needs to be encrypted (using the sha1() function).
- If your web application is handling sensitive information like debit and credit card numbers, then using SSL or any other secured connection can also prevent session and cookie hacking.
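
The following PHP sketch is an added example, not part of the original post. It illustrates the first, second and fourth steps: a fresh session ID at login, re-entry of the old password before a password reset, and a session cookie that is only sent over a secured connection. The function names, the session keys and the use of password_verify() against a hash produced by password_hash() are assumptions made for the example.

```php
<?php
declare(strict_types=1);

// Assumption: PHP 7.3+ (array form of session_set_cookie_params()).
function start_secure_session(): void
{
    ini_set('session.use_strict_mode', '1');   // reject session IDs the server did not issue
    ini_set('session.use_only_cookies', '1');  // never accept the session ID from the URL
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'secure'   => true,    // cookie is sent over HTTPS only
        'httponly' => true,    // cookie is not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();
}

// Hypothetical helper: $storedHash comes from the application's user store
// and was created with password_hash().
function login(string $username, string $password, string $storedHash): bool
{
    if (!password_verify($password, $storedHash)) {
        return false;
    }
    session_regenerate_id(true);   // new ID at login; the pre-login ID is deleted
    $_SESSION['user'] = $username;
    $_SESSION['reauth_at'] = 0;    // no sensitive action confirmed yet
    return true;
}

// Called when the user re-enters the old password before a sensitive task.
function reauthenticate(string $oldPassword, string $storedHash): bool
{
    if (!isset($_SESSION['user']) || !password_verify($oldPassword, $storedHash)) {
        return false;
    }
    session_regenerate_id(true);   // rotate the ID again on privilege confirmation
    $_SESSION['reauth_at'] = time();
    return true;
}

// The password reset handler proceeds only inside a short window after re-entry.
function may_reset_password(int $windowSeconds = 300): bool
{
    return isset($_SESSION['user'], $_SESSION['reauth_at'])
        && (time() - $_SESSION['reauth_at']) <= $windowSeconds;
}
```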