Ask a question    Sign Up Sign In
  1. Home
  2. php - Protect from Web Session Attacks

702 votes
1 answers

php - Protect from Web Session Attacks

Get the solution ↓↓↓

I am a student working on a web application design. I am new to web session and security issues related to web session.

On this page: Session Replay vs Session Fixation vs Session Hijacking, a Stackexchange user listed ways to be protected from session attacks (e.g. session replay, session fixation, session hijacking).

May I ask whether the points listed in the webpage above is sufficient to be protected from session attacks? If not, may you list down other things that I need to do to be protected from session attacks?




440
votes

Answer

Solution:

There are numerous "session" attacks possible, and that link does not enumerate them all.

I would highly recommend referring to the OWASP Session Management Cheat Sheet for a more comprehensive look at session management security. In case you're not familiar, OWASP is the "Open Web Application Security Project," which is one of the key open source resources for web application security. They also produce the OWASP Top 10, which attempts to enumerate the most common web application security issues.

Some potential session security attributes to consider that are not covered by your link:

This link also has PHP specific guidance, covering Session Lifecycle, Session ID, Session Cookie, and Session data storage.

I'd also highly recommend using a standard PHP library for session management, which will abstract many of these problems away from you. The appropriate library will depend on the framework you're using.

Write your answer



Share solution ↓

Additional Information:
Link To Source
People are also looking for solutions of the problem: failed to create image decoder with message 'unimplemented'

Didn't find the answer?

Our community is visited by hundreds of web development professionals every day. Ask your question and get a quick answer for free.

Similar questions

Find the answer in similar questions on our website.

889 authentication - php password protected website
881 php - Using PHPThumb and Thickbox/Colorbox
149 PHP classes are keeping me from accessing the needed variable
829 php - Cakephp 2.8.4 ignoring hasMany
591 php - Filter content from mysql db with checkboxes using jQuery?
947 php - Loading controllers from different folder in CodeIgniter
882 php - .htaccess prevents POST form from working
166 linux - Safest way to write into /etc from php application?
372 php - How to read value from HTML text input?
336 PHP + SQL - Using SQL Server 'Create To' scripts to create tables through PHP

Write quick answer

Do you know the answer to this question? Write a quick response to it. With your help, we will make our community stronger.





About the technologies asked in this question

PHP

PHP (from the English Hypertext Preprocessor - hypertext preprocessor) is a scripting programming language for developing web applications. Supported by most hosting providers, it is one of the most popular tools for creating dynamic websites. The PHP scripting language has gained wide popularity due to its processing speed, simplicity, cross-platform, functionality and distribution of source codes under its own license.
https://www.php.net/


HTML

HTML (English "hyper text markup language" - hypertext markup language) is a special markup language that is used to create sites on the Internet. Browsers understand html perfectly and can interpret it in an understandable way. In general, any page on the site is html-code, which the browser translates into a user-friendly form. By the way, the code of any page is available to everyone.
https://www.w3.org/html/

Welcome to programmierfrage.com

programmierfrage.com is a question and answer site for professional web developers, programming enthusiasts and website builders. Site created and operated by the community. Together with you, we create a free library of detailed answers to any question on programming, web development, website creation and website administration.

Get answers to specific questions

Ask about the real problem you are facing. Describe in detail what you are doing and what you want to achieve.

Help Others Solve Their Issues

Our goal is to create a strong community in which everyone will support each other. If you find a question and know the answer to it, help others with your knowledge.