I'm no expert on the subject, but I think session can be hijacked by : * 'stealing' a sessions id from the url. This is only possible if the user browser doesn't use cookies so the session id is visible in the url * stealing a session cookie
In either cases, logging the user's ip would increase security imho. I'm interested in other opinions :) On Sat, Oct 3, 2009 at 10:08 PM, Dave Maharaj :: WidePixels.com < d...@widepixels.com> wrote: > Not quite sure how this works but how does one steal a session? > > I have my session info stored in the database... if i added ip to the > session so it also checks that the session ip matches the user ip would that > increase the session sucurity? What a safe guards / good practsise to secure > session data? > > Thanks > > Dave > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~----------~----~----~----~------~----~------~--~---