security - How to secure my PHP site using sessions? -


I am trying to understand a good method to protect my site from attack. I am currently using cookies method. However, after some web research, I think it is not good to use cookies for security reasons, so my second option would be to use the session.

I read this article. In response to Anurag Jain, it has been said that the site should use https and it will not happen that the session ID should not be sniffed.

But there are some things that I do not understand.

When a user logs in to the site. I will run a query to check if the credential matches the user name and password. Then I store some information in different sessions (such as USER_ID, FULL_USER_NAME, TEAM_NAME, ACCESS_LEVEL)

After logging in and after a session is created, I can create session_id () after the session session begins I am After that I can save the session with an IP address in a database table. But after this how do I check the security every time to ensure that this user is actually created session and not a hacker?

How can this site be kept safe, "If session ID is enabled to repeat the same IP address then can not the attacker use it to enter the entry? Besides this How can I work if I want that many users "same network - same external IP address" from the same office

An article that I Many information was obtained.

Cookies will not be protected to use.

USER_ID, FULL_USER_NAME in the shop, not in session, not in the database. Therefore, when the connection is lost to the user, remove all sessions And a hacker can not use them.

The session is stored on the basis of connection and not the IP. < / Div>

Comments

Post a Comment

Popular posts from this blog

c - Mpirun hangs when mpi send and recieve is put in a loop -

I was trying to use the program to use mifrewan on 4 node clusters. Distributing node 0 data in nodes 1, 2 and 3. In the program, from '90 'to variable values ​​of' dior 'to be calculated. Therefore the node is distributing data and collecting results in an omitted fashion (for different values ​​of var 'dir') when do {*******} Whereas (dir Loop is given, Mippun is hanging, and no output is found. But when I comment on two {*******} (dir The loop output is obtained for the initial value of variable dir dir = -90 ), and that output is correct. The problem occurs when the loop is given. Can anyone help me in solving this problem. #include "mpi.h" int main (int argc, char * argv []) Float dir = -90; Int rank, nanoprakash; MPI_Status status; MPI_Init (& amp; argc, & argv); MPI_Comm_rank (MPI_COMM_WORLD, & amp; Rank); MPI_Comm_size (MPI_COMM_WORLD, & amp; numprocs); If (rank == 0) {/ / data to begin / / (dest = 1; dest ...
Read more

python - Apply coupon to a customer's subscription based on non-stripe related actions on the site -

I can not find anything in the source about using coupons after subscribing to a user's plan. Is it possible to use a coupon to credit a user's membership after initial subscription? If not, what is the best option? Specifically, I want to give a user 100% coupon for that month, when they take 5 [site specific actions]. This is possible, but may not be the best idea. Coupons are currently applied to the stripe, then apply again at the customer level and each client can have a single coupon. So if you are already offering discounts to the coupon, then the customer who is currently in the present will also give up. It also means that if you are using a recently-added multiple subscription capacity, then all of the user's subscription will be ready for the month. Coupons can be set to "Once", only once (as the only name) can be used by any customer, so if this credit can earn more than once, You will have to maintain a 100% discount coupon continuousl...
Read more

java - Unable to get JDBC connection in Spring application to MySQL -

मैंने स्प्रिंग में डीबी कॉन्फ़िगरेशन का पालन किया है: & lt; bean id = "dataSource" Class = "org.apache.commons.dbcp.BasicDataSource" नष्ट-विधि = "बंद" & gt; & Lt; प्रॉपर्टी नाम = "url" मान = "jdbc: dburl" / & gt; & Lt; संपत्ति नाम = "driverClassName" मान = "com.mysql.jdbc.Driver" / & gt; & Lt; संपत्ति नाम = "उपयोगकर्ता नाम" मान = "उपयोगकर्ता नाम" / & gt; & Lt; संपत्ति नाम = "पासवर्ड" मान = "पासवॉर्फ" / & gt; & Lt; प्रॉपर्टी नाम = "हटाए गए हटाए गए" मान = "सही" / & gt; & Lt; गुण नाम = "प्रारंभिक आकार" मान = "3" / & gt; & Lt; संपत्ति नाम = "अधिकतमअक्टिव" मान = "5" / & gt; & Lt; / सेम ​​& gt; डीबी से गुण मूल्यों को लोड करने के लिए अतिरिक्त कॉन्फ़िगरेशन। & lt; bean id = "config1" class = "org.apache.commons.configuration....
Read more