thedestroyer, posted July 26, 2010:

Does anyone know how to stop session hijacking on the login page?

Zero-Affect, posted July 26, 2010:

    # Joke
    die('no!');

Don't think you can stop it on the login page.

thedestroyer (Author), posted July 26, 2010:

> # Joke
> die('no!');
> Don't think you can stop it on the login page.

wtf if you couldn't stop it there wouldn't be any games around.....

Dominion, posted July 26, 2010:

He said he cannot stop it on the login page, not that it cannot be stopped ...

Haunted Dawg, posted July 26, 2010:

If you're on the login page, there are no sessions being called, thus no major exploit on the login page.

thedestroyer (Author), posted July 26, 2010:

> If you're on the login page, there are no sessions being called, thus no major exploit on the login page.

Maybe I explained wrong then. What I mean is you can log in as another player.

Haunted Dawg, posted July 26, 2010:

Well then http://makewebgames.io/board750/31798-session-hijacking-protection

Although, including on the sha1 function, I'd include a special text like this:

    $_SESSION['HTTP_USER_AGENT'] = sha1('SomeRandom'.$_SERVER['HTTP_USER_AGENT'].'SomeRandom');

That way making it even more secure, as now a lot of people are going to know you're hashing the USER AGENT, and can still spoof it. I'd also suggest you make the random text something else and keep it to yourself.

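Added example (not from the thread or any of its posters): the verification side of the User-Agent binding described in the post above, with a keyed HMAC swapped in for the salted sha1 and the session ID regenerated at login. The function names, FINGERPRINT_KEY, the 'userid' session key and login.php are assumptions made for illustration.

```php
<?php
// Added example: bind a session to a keyed hash of the User-Agent at login
// and verify it on every later request. All names below are hypothetical.

// Assumption: a long random secret stored outside the web root.
// The value here is a constructed placeholder.
const FINGERPRINT_KEY = 'replace-with-a-long-random-secret';

function session_fingerprint(array $server): string
{
    $ua = $server['HTTP_USER_AGENT'] ?? '';
    // HMAC-SHA256 in place of sha1('SomeRandom'.$ua.'SomeRandom'):
    // same idea (secret + User-Agent), using a keyed construction.
    return hash_hmac('sha256', $ua, FINGERPRINT_KEY);
}

// Call once, right after the username/password check succeeds.
function session_bind(array $server, int $userId): void
{
    // Issue a fresh session ID at login so an ID fixed or observed
    // before login is no longer valid afterwards.
    session_regenerate_id(true);
    $_SESSION['userid'] = $userId;
    $_SESSION['HTTP_USER_AGENT'] = session_fingerprint($server);
}

// Call at the top of every logged-in page.
function session_is_valid(array $server): bool
{
    if (!isset($_SESSION['userid'], $_SESSION['HTTP_USER_AGENT'])
        || !is_string($_SESSION['HTTP_USER_AGENT'])) {
        return false;
    }
    // hash_equals() compares the two hashes in constant time.
    return hash_equals($_SESSION['HTTP_USER_AGENT'], session_fingerprint($server));
}

// Usage on a protected page. The cookie options keep the session ID
// away from page scripts and off plain-HTTP connections.
session_start([
    'cookie_httponly' => true,
    'cookie_secure'   => true,
    'cookie_samesite' => 'Lax',
]);
if (!session_is_valid($_SERVER)) {
    $_SESSION = [];
    session_destroy();
    header('Location: login.php'); // assumed login page name
    exit;
}
```

The User-Agent is supplied by the client, so this check only rejects a session ID replayed from a different browser string; the cookie flags and the ID regeneration at login are what limit how the ID leaks in the first place.
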
iSOS, posted July 26, 2010:

Lol, that would be entering their username & password then lmfao, not session hijacking!

Zero-Affect, posted July 27, 2010:

What he means is when I steal his session, then switch my session code to his, and while he's logged in I move around and delete stuff on his account. I agree with HD, would be much safer to add more to the base code.