session hacking prevention and multiple ?

[rockwood]

how can i make session secure on my website ?

how to stop multiple login by single user on my web ?

[Guest]

Track it in a database, if there is a record in there when the session hasn't expired don't let the other user login, or logout the other user.

[rockwood]

any script example available here against for both question ?

Edited June 16, 2013 by rockwood

[Aventro]

Basically what you are saying right now "I didn't understand ****, could you please provide me with complete code so I can rip it off and use it".

Why not just go further with the information you was given? He told me to track sessions in a database, a good start would be to google on how to do that. Here's a relevant question on how to do that: http://stackoverflow.com/questions/2950355/set-session-in-database-in-php

Here's another relevant answer on your first question: The most common Session attacks are either Session hijacking or Session fixation. Here's another great question about it: http://stackoverflow.com/questions/5081025/php-session-fixation-hijacking

[rockwood]

Basically what you are saying right now "I didn't understand ****, could you please provide me with complete code so I can rip it off and use it".

Why not just go further with the information you was given? He told me to track sessions in a database, a good start would be to google on how to do that. Here's a relevant question on how to do that: http://stackoverflow.com/questions/2950355/set-session-in-database-in-php

Here's another relevant answer on your first question: The most common Session attacks are either Session hijacking or Session fixation. Here's another great question about it: http://stackoverflow.com/questions/5081025/php-session-fixation-hijacking

i have two different queries in case one i am regenerating session id and in second case i am trying to prevent single user multiple login at the same time and on different locations

[Aventro]

Well yeah and I answered on how you could do that.

[rockwood]

you are doing dev work in MVC ? @ Aventro

[Dominion]

What does MVC have to do with sessions?

[rockwood]

no just simply asked ,nothing with session

[Guest]

Stay on topic or make another thread then. Av pretty much answered your question.

[Djkanna]

Did you even start with a simple Google search prior to asking here?

I believe we as a community ( okay pretty much Octarine ) already <debated> ways of prevention ( multiple instances ) within the context of MCCodes, it may even still be on here, or linked to an external resource from here.

I think it was posted by Octarine, under "Login" or similar, use the search feature. :rolleyes:

http://makewebgames.io/showthread.php/40994-Can-you-spot-the-bugs-Chapter-5-CSRF-XSS-Session-Fixation-Hijacking

Sorry I was wrong (just removed), maybe if you ask really really nicely, Octarine may or may not post the relevant post again.

Edited June 16, 2013 by Djkanna

[Alan]

Some clues from a past article ... Can you spot the bugs?

[Djkanna]

Some clues from a past article ... Can you spot the bugs?

There now they owe you a beer. :cool:

[rockwood]

http://www.beautifyphp.com/ use this or phpstrom for nice formatted code

no problem hopefully Aventro's reply will help me lots of

[Dominion]

http://www.beautifyphp.com/ use this or phpstrom for nice formatted code

Using a good IDE would take care of ugly code. You shouldn't need to keep going to a website.

[KyleMassacre]

or just format it while coding it :p

[Lucifer.iix]

how can i make session secure on my website ?

how to stop multiple login by single user on my web ?

What is the problem of being logged on twice ?

It's the same user, so it would not make a difference.

And if it does than your code has side effects.

It's better to remove the bad code with side effects, than to try to cover up your mistakes after it.

My users can logon as mutch they like, there loged-on or loged-off. They don't get extra point for loging on twice.

Happy Hacking: Roger