
Class: Secure Session

  • Supplied by:

    Name: Vagharshak Tozalakyan
    Published packages: 24
    Country: Armenia
    Home page: http://www.tozalakyan.com/
    Age: 28
    All time rank: 19
    Week rank: 4

  • Innovation Award:

    PHP Programming Innovation award nominee
    January 2006
    Number 2

    Sessions have become one of the possible features that can be exploited to perform security attacks on PHP sites.

    Sessions are not insecure by themselves, but if they are not used with a certain care, they may eventually be abused by malicious users.

    Session hijacking abuses can happen when somebody with privileged network access can sniff traffic that goes to a potential victim site. Session fixation abuses can happen when a site uses the same session identifier for the same user before and after he authenticates to log in.

    This class provides a solution to prevent these kinds of session abuse, so that PHP sites that use sessions do not become compromised.

    Manuel Lemos
  • Groups:

    User records, authentication and session handling
    Security protection and attack detection
  • Detailed description:

    This class can be used to prevent security attacks known as session hijacking and session fixation.

    When a session is initialized, the class computes a fingerprint string that takes into account the browser user agent string, the user agent IP address or part of it, and a secret word. If the fingerprint value changes, it is very likely that the session was hijacked and it should no longer be accepted.

    To prevent session fixation attacks, the class calls the PHP session_regenerate_id() function so the session identifier changes every time the session is checked.
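
    The check described above, as an added example (not the code of securesession.class.php): the function names, the use of HMAC-SHA256 for the fingerprint and the sample values are assumptions made here.

```php
<?php
// Added example, not securesession.class.php. Names, HMAC-SHA256 and sample
// values are assumptions. session_start() must run before bind/check.
// "Part of" the IP: keep the first $blocks octets of an IPv4 address.
function ip_prefix(string $ip, int $blocks): string
{
    $parts = explode('.', $ip);
    if (count($parts) !== 4) {
        return $ip; // not dotted IPv4: use the whole address
    }
    return implode('.', array_slice($parts, 0, max(1, min(4, $blocks))));
}

function fingerprint(string $secret, string $ua, string $ip, int $blocks): string
{
    // Keyed hash over both fields; NUL keeps the field boundary unambiguous.
    return hash_hmac('sha256', $ua . "\0" . ip_prefix($ip, $blocks), $secret);
}

function current_fingerprint(string $secret, int $blocks): string
{
    return fingerprint($secret, $_SERVER['HTTP_USER_AGENT'] ?? '',
        $_SERVER['REMOTE_ADDR'] ?? '', $blocks);
}

// After a successful login: issue a new id, then bind the fingerprint.
function session_bind(string $secret, int $blocks = 3): void
{
    session_regenerate_id(true);
    $_SESSION['fp'] = current_fingerprint($secret, $blocks);
}

// On every protected request; false means the session was rejected.
function session_check(string $secret, int $blocks = 3): bool
{
    $stored = $_SESSION['fp'] ?? '';
    if (!hash_equals(current_fingerprint($secret, $blocks), $stored)) {
        $_SESSION = [];
        session_destroy();
        return false;
    }
    session_regenerate_id(true); // rotate the id on each check
    return true;
}

// Constructed demo: same browser, last octet changes, then a different browser.
$a = fingerprint('secret-word', 'Mozilla/5.0', '203.0.113.7', 3);
var_dump(hash_equals($a, fingerprint('secret-word', 'Mozilla/5.0', '203.0.113.200', 3)));
var_dump(hash_equals($a, fingerprint('secret-word', 'curl/8.0', '203.0.113.7', 3)));
```

    Regenerating the identifier on every check can drop sessions when one browser sends several requests at once, so sites with concurrent requests may need to rotate less often.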
  • User ratings:

    All time:
      Utility: Good (90.2%)
      Consistency: Good (84.8%)
      Documentation: -
      Examples: Good (81.8%)
      Tests: -
      Videos: -
      Overall: Sufficient (61.7%)
      Rank: 481
    Month:
      There are not enough user ratings to display for this class.
  • Applications that use this class:

    No application links were specified for this class.
  • Files:

    File                      Role     Description
    sample/index.php          Example  Sample
    sample/login.php          Example  Sample
    securesession.class.php   Class    Source

Copyright (c) Icontem 1999-2008 PHP Classes - PHP Class Scripts