Date: November 13, 2018, 9:30 pm
Sessions are significantly safer than, say, cookies. But it is still possible to steal a session and thus the hacker will have total access to whatever is in that session. Some ways to avoid this are IP Checking (which works pretty well, but is very low fi and thus not reliable on its own), and using a nonce. Typically with a nonce, you have a per-page "token" so that each page checks that the last page's nonce matches what it has stored.
In either security check, there is a loss of usability. If you do IP checking and the user is behind an intranet firewall (or any other situation that causes this) which doesn't hold a steady IP for that user, they will have to re-authenticate every time they lose their IP. With a nonce, you get the always fun "Clicking back will cause this page to break" situation.
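The two checks described in the post above, sketched as an added example that is not part of the original post: a server-side session bound to the client IP and to a nonce that rotates on every page request. The `SessionStore` class, its status strings and the documentation-range IP addresses are constructed for illustration.

```python
import hmac
import secrets


class SessionStore:
    """In-memory server-side sessions bound to a client IP and a rotating nonce."""

    def __init__(self):
        self._sessions = {}  # session id -> {"ip", "nonce", "data"}

    def login(self, client_ip, data):
        sid = secrets.token_urlsafe(32)
        nonce = secrets.token_urlsafe(16)
        self._sessions[sid] = {"ip": client_ip, "nonce": nonce, "data": data}
        return sid, nonce

    def request(self, sid, client_ip, nonce):
        """Validate one page request; return (status, next_nonce)."""
        session = self._sessions.get(sid)
        if session is None:
            return "no-session", None
        if session["ip"] != client_ip:
            # IP check: a copied session id used from elsewhere is dropped,
            # and so is a legitimate user whose address changed.
            del self._sessions[sid]
            return "ip-mismatch", None
        if not hmac.compare_digest(session["nonce"], nonce):
            # Nonce check: only the token issued with the previous page is
            # accepted, so a resubmitted older page (Back button) fails here.
            return "stale-nonce", None
        session["nonce"] = secrets.token_urlsafe(16)  # rotate for the next page
        return "ok", session["nonce"]


def demo():
    store = SessionStore()
    home, away = "203.0.113.10", "198.51.100.7"  # constructed addresses
    sid, n0 = store.login(home, {"user": "alice"})
    s1, n1 = store.request(sid, home, n0)  # normal page load
    s2, _ = store.request(sid, home, n0)   # Back button re-sends the old nonce
    s3, n2 = store.request(sid, home, n1)  # current nonce still works
    s4, _ = store.request(sid, away, n2)   # same session id, different IP
    s5, _ = store.request(sid, home, n2)   # session was destroyed above
    return [s1, s2, s3, s4, s5]
```

The second and fourth results are the usability costs the post mentions: the stale nonce breaks the Back button, and the IP change forces a fresh login.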