How can I protect my users from session hijacking?

4 answers

There are three sections of the OWASP Top 10 (2010) that you should read:

1. A3: "Broken Authentication and Session Management" (!!)

2. Cross-Site Request Forgery (XSRF)

3. Cross-Site Scripting (XSS)



Consider using a secret salt known only to the client and server, established at login (I hope you are logging in over SSL). Then the server can provide a nonce with each response, and the client can provide a hash(nonce + secret salt) with the next request. A potential hijacker does not have access to the secret salt and cannot generate the next hash. Even a non-SSL login can probably establish a secret salt if the login is performed using one-time hashed passwords.

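The nonce-and-secret scheme from the answer above, written out as an added example (not code from the original post): both sides of the exchange in Python, using HMAC-SHA256 in place of the answer's plain hash(nonce + secret salt) and consuming each nonce on first use so that a replayed or forged request is rejected. The class names and the single-slot nonce store are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class Server:
    """Holds the per-session secret and the one nonce currently outstanding."""

    def __init__(self):
        # Secret agreed at login (assumed to be delivered over TLS); never sent again.
        self.session_secret = secrets.token_bytes(32)
        self.outstanding_nonce = None

    def issue_nonce(self) -> str:
        """Fresh nonce sent with each response; the next request must answer it."""
        self.outstanding_nonce = secrets.token_hex(16)
        return self.outstanding_nonce

    def verify(self, nonce: str, proof: str) -> bool:
        """Accept a request only if it answers the outstanding nonce with a valid tag."""
        if self.outstanding_nonce is None or nonce != self.outstanding_nonce:
            return False  # stale, replayed, or fabricated nonce
        expected = hmac.new(self.session_secret, nonce.encode(), hashlib.sha256).hexdigest()
        # Single use: the nonce is consumed whether or not the proof checks out,
        # so a captured (nonce, proof) pair cannot be submitted a second time.
        self.outstanding_nonce = None
        return hmac.compare_digest(expected, proof)


class Client:
    """Legitimate client that learned the session secret at login."""

    def __init__(self, session_secret: bytes):
        self.session_secret = session_secret

    def prove(self, nonce: str) -> str:
        return hmac.new(self.session_secret, nonce.encode(), hashlib.sha256).hexdigest()


def run_exchange():
    """Returns (legitimate accepted, replay rejected, secret-less request rejected)."""
    server = Server()
    client = Client(server.session_secret)  # shared at login, assumed over TLS
    n1 = server.issue_nonce()
    p1 = client.prove(n1)
    legit = server.verify(n1, p1)    # True: correct tag for the outstanding nonce
    replay = server.verify(n1, p1)   # False: nonce already consumed
    n2 = server.issue_nonce()
    # A party holding only the nonce (e.g. from a stolen cookie) lacks the secret,
    # so the best it can do is a plain hash of the nonce, which does not verify.
    no_secret = server.verify(n2, hashlib.sha256(n2.encode()).hexdigest())  # False
    return legit, replay, no_secret
```

A real deployment would keep a store of recently issued nonces per session rather than one slot, since browsers issue several requests in parallel.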

Source: https://habr.com/ru/post/1741339/
