PHP Classes
Icontem

Class: Secure Session


Name: Secure Session
Base name: secure_session
Description: Prevent session hijacking or session fixation
Version: -
Required PHP version: -
License: GNU General Public License (GPL)
All time users: 10079 users
All time rank: 63
Week users: 24 users
Week rank: 231
 

Author

Name: Vagharshak Tozalakyan
Published packages: 27
Country: Armenia
Home page: http://www.tozalakyan.com/
Age: 30
All time rank: 8
Week rank: 16

Innovation Award

PHP Programming Innovation award nominee
January 2006
Number 2
Sessions have become one of the possible features that can be exploited to perform security attacks on PHP sites.

Sessions are not insecure by themselves, but if they are not used with a certain care, they may be eventually abused by malicious users.

Session hijacking abuses can happen when somebody with privileged network access can sniff traffic that goes to a potential victim site. Session fixation abuses can happen when a site uses the same session identifier for the same user before and after he authenticates to log in.

This class provides a solution to prevent these kinds of session abuses, so that PHP sites that use sessions do not become compromised.

Manuel Lemos

Groups

User Management: User records, authentication and session handling
Security: Security protection and attack detection

Detailed description

This class can be used to prevent security attacks known as session hijacking and session fixation.

When a session is initialized, the class computes a fingerprint string that takes into account the browser user agent string, the user agent IP address or part of it, and a secret word. If the fingerprint value changes, it is very likely that the session was hijacked, and it should no longer be accepted.

To prevent session fixation attacks, the class calls the PHP session_regenerate_id() function so the session identifier changes every time the session is checked.
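
One way to implement the fingerprint check and identifier rotation described above, added here as an example and not taken from securesession.class.php. The function names, the HMAC-SHA-256 construction, the two-octet IP prefix and the secret value are assumptions.

```php
<?php
// Added example: all names and the secret below are assumptions, not the class's API.
const FP_SECRET = 'constructed-secret-word'; // placeholder; load from config in practice
const FP_IP_OCTETS = 2;                      // leading IPv4 octets bound into the fingerprint

// Fingerprint = HMAC-SHA-256 over user agent + partial IP, keyed with the secret word.
// Addresses that are not IPv4 are left out of the fingerprint in this example.
function fingerprint(string $userAgent, string $ip): string
{
    $ipPart = '';
    if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false) {
        $ipPart = implode('.', array_slice(explode('.', $ip), 0, FP_IP_OCTETS));
    }
    return hash_hmac('sha256', $userAgent . "\n" . $ipPart, FP_SECRET);
}

function current_fingerprint(): string
{
    return fingerprint($_SERVER['HTTP_USER_AGENT'] ?? '', $_SERVER['REMOTE_ADDR'] ?? '');
}

// Call once after a successful login, with the session already started.
function open_secure_session(): void
{
    session_regenerate_id(true);           // new identifier after authentication
    $_SESSION['fp'] = current_fingerprint();
}

// Call on every request, after session_start(); false means the session was dropped.
function check_secure_session(): bool
{
    $stored = $_SESSION['fp'] ?? '';
    if ($stored === '' || !hash_equals($stored, current_fingerprint())) {
        $_SESSION = [];
        session_destroy();                 // fingerprint changed: stop accepting it
        return false;
    }
    session_regenerate_id(true);           // rotate the identifier on each check
    return true;
}

// Constructed sample values, runnable from the CLI without a web server.
if (PHP_SAPI === 'cli') {
    $login = fingerprint('Mozilla/5.0 (constructed)', '192.0.2.10');
    var_dump(hash_equals($login, fingerprint('Mozilla/5.0 (constructed)', '192.0.2.77')));   // same prefix
    var_dump(hash_equals($login, fingerprint('Mozilla/5.0 (constructed)', '198.51.100.5'))); // other network
    var_dump(hash_equals($login, fingerprint('OtherAgent/1.0 (constructed)', '192.0.2.10'))); // other agent
}
```

Because the User-Agent header travels alongside the session cookie, the fingerprint is a supplementary check; serving the site over TLS is what keeps the identifier off the wire.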

User ratings

All time:
Utility: Good (92.1%)
Consistency: Good (87.2%)
Documentation: -
Examples: Good (84.8%)
Tests: -
Videos: -
Overall: Sufficient (63.2%)
Rank: 476

Month: There are not enough user ratings to display for this class.

Trackback links

Link: PHP Session Management
Description: There is no such thing as a 100% secure anything in this world of hackers/counter hackers...

Applications that use this class

No application links were specified for this class.

Files

File: Role, Description
sample (folder)
  index.php: Example, Sample
  login.php: Example, Sample
securesession.class.php: Class, Source
Download all files: secure_session.tar.gz secure_session.zip
Copyright (c) Icontem 1999-2009 PHP Classes - PHP Class Scripts