Checking for session hijacking : md5 « Utility Function « PHP





Checking for session hijacking

 
<?php
session_start(  );
$user_check = md5($_SERVER['HTTP_USER_AGENT'] . $_SERVER['REMOTE_ADDR']);
if (empty($_SESSION['user_data'])) {
    session_regenerate_id(  );
    echo ("New session, saving user_check.");
    $_SESSION['user_data'] = $user_check;
}
if (strcmp($_SESSION['user_data'], $user_check) !== 0) {
    session_regenerate_id(  );
    echo ("Warning, you must reenter your session.");
    $_SESSION = array(  );
    $_SESSION['user_data'] = $user_check;
}

else {
    echo ("Connection verified!");
}
?>
  
  










Related examples in the same category

1.string md5 ( string str [, bool raw_output] )
2.string md5 ( string str [, bool raw_output] ) produces a data checksum in exactly the same way as sha1( );
3.Creating an md5 signature
4.PHP's basic md5() function
5.The protect() MD5 Form Fingerprint Generator
6.md5.php
7.Insert a unique ID into a form