From the course: PHP: Creating Secure Websites


Session hijacking and fixation


- [Instructor] In this movie, we'll learn how to protect against session hijacking and session fixation attacks. First, recall that sessions work by storing information on the server and then giving a user's browser a cookie that contains the session ID to reference that information. In general, storing the information on the server is safer because it's never sent to the browser. You can't view that information in the cookie and you can't observe it in transit. However, the session ID is sent to the browser. An attacker can steal that session ID. Once they have it, they can include it with future requests to impersonate a user. If the user's currently logged in, the hacker will be logged in too without needing to have any credentials. The attacker can use that account, steal personal information, and even change the password to lock the legitimate user out of the account. Session IDs are often discovered through…
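The defences the instructor sets out to cover can be seen in one place in the following PHP login bootstrap. This is an added example, not code from the course: it shows the session settings that make a stolen or planted ID less useful (the ID is accepted only from a cookie, only if the server issued it, and only over HTTPS with HttpOnly set), regenerates the ID at login so a fixated ID is discarded, and rotates it periodically. The user table, the `authenticate()` helper, the `/account` redirect and the 15-minute rotation interval are assumptions made for the example, not settings from the course.

```php
<?php
// Added example (not from the course): hardened session handling for a PHP login flow.
// The user table, authenticate(), the redirect target and the rotation interval are
// assumptions for illustration only.

declare(strict_types=1);

function secure_session_start(): void
{
    // Reject session IDs the server never issued. A fixated ID that an attacker
    // planted in the browser is discarded and a fresh one is generated instead.
    ini_set('session.use_strict_mode', '1');
    // Accept the ID only from the cookie, never from a URL parameter, so it does
    // not leak through links, referers or server logs.
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_trans_sid', '0');

    session_set_cookie_params([
        'lifetime' => 0,      // session cookie, dropped when the browser closes
        'path'     => '/',
        'domain'   => '',
        'secure'   => true,   // never sent over plain HTTP, so it cannot be read in transit
        'httponly' => true,   // not readable by JavaScript, so XSS cannot exfiltrate it
        'samesite' => 'Lax',  // not attached to most cross-site requests
    ]);

    session_start();
}

// Hypothetical credential check against a constructed in-memory user table.
function authenticate(string $username, string $password): ?int
{
    static $users = null;
    if ($users === null) {
        $users = [
            'alice' => ['id' => 1, 'hash' => password_hash('correct horse battery staple', PASSWORD_DEFAULT)],
        ];
    }
    if (!isset($users[$username]) || !password_verify($password, $users[$username]['hash'])) {
        return null;
    }
    return $users[$username]['id'];
}

function login(string $username, string $password): bool
{
    $userId = authenticate($username, $password);
    if ($userId === null) {
        return false;
    }

    // Fixation defence: whatever ID the browser carried before login (possibly one an
    // attacker chose) is thrown away and its server-side record deleted, so a login
    // never lands in a session the attacker already knows the ID of.
    session_regenerate_id(true);

    $_SESSION['user_id']       = $userId;
    $_SESSION['last_rotation'] = time();
    return true;
}

function rotate_if_stale(int $maxAgeSeconds = 900): void
{
    // Periodic rotation bounds how long a stolen ID stays usable.
    if (isset($_SESSION['last_rotation']) && time() - $_SESSION['last_rotation'] > $maxAgeSeconds) {
        session_regenerate_id(true);
        $_SESSION['last_rotation'] = time();
    }
}

function logout(): void
{
    $_SESSION = [];
    // Expire the cookie in the browser as well as destroying the server-side data,
    // otherwise the old ID keeps being presented on later requests.
    $p = session_get_cookie_params();
    setcookie(session_name(), '', [
        'expires'  => time() - 3600,
        'path'     => $p['path'],
        'domain'   => $p['domain'],
        'secure'   => $p['secure'],
        'httponly' => $p['httponly'],
        'samesite' => $p['samesite'],
    ]);
    session_destroy();
}

// Usage in a request handler:
secure_session_start();
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST'
    && login((string)($_POST['username'] ?? ''), (string)($_POST['password'] ?? ''))) {
    header('Location: /account');
    exit;
}
rotate_if_stale();
```

The `ini_set()` calls and `session_set_cookie_params()` must run before `session_start()`, since PHP reads those settings when it opens the session. `session_regenerate_id(true)` is the single most important line for fixation: it issues a new ID and deletes the old server-side record, so an ID an attacker handed to the victim before login never becomes an authenticated session.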
