Securing session hijacking on login

[thedestroyer]

Does anyone know to to stop session hijacking on the login page?

[Zero-Affect]

    # Joke
die('no!');

Don't think you can stop it on the login page.

[thedestroyer]

    # Joke
die('no!');

Don't think you can stop it on the login page.

wtf if youcouldnt stop it there wouldnt be any games around.....

[Dominion]

he said he can not stop it on the login page not that it can not be stopped ...

[Haunted Dawg]

If your on the login page, there are no session's being called, thus no major exploit on the login page.

[thedestroyer]

If your on the login page, there are no session's being called, thus no major exploit on the login page.

maybe i explained wrong then. What i mean is you can login as another player.

[Haunted Dawg]

Well then http://makewebgames.io/board750/31798-session-hijacking-protection

Altho, Including on the sha1 function, i'd include a special text like this:

$_SESSION['HTTP_USER_AGENT'] = sha1('SomeRandom'.$_SERVER['HTTP_USER_AGENT'].'SomeRandom');

That way making it even more secure as now alot of people are going to know your hashing the USER AGENT, and can still spoof it.

I'd also suggest you make the random text something else and keeping it to yourself.

[iSOS]

Lol, that would be entering there username & password then lmfao, not session hijacking!

[Zero-Affect]

What he means is when i steal his session then switch my session code to his and while he's logged in i move around and delete stuff on his account.

I agree with HD would be much safer to add more to the base code.