Status
Not open for further replies.

Nedim!

Hello,
I am currently making something in PHP, and I have a login that works with sessions. I saw an attack called 'Session Hijacking', so I'll ask you if this is vulnerable to 'Session Hijacking'.
So, I check if the username & password are equal to the username & password in the database; if yes, it sets $_SESSION['username'] = $username and $_SESSION['AdminID'] = 1.
PHP:
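<?php
// Escape the submitted username before it is used in the SQL query.
// (mysql_* functions were removed in PHP 7.0.)
$username = mysql_real_escape_string($_POST['username']);
....
// A matching row means the credentials were correct: mark the session as logged in.
if ($row > 0) {
    $_SESSION['username'] = $username;
    $_SESSION['AdminID'] = 1;
}
?>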
Now in other file I check sessions:
PHP:
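<?php
// $_SESSION is only populated after the session has been started.
session_start();

// Logged in only if both values set at login are present in the session.
if (!empty($_SESSION['username']) && $_SESSION['AdminID'] == 1) {
    echo "Logged in!";
} else {
    echo "Not logged in!";
}
?>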
Thanks in advance, k0d3.
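
The check in the post accepts whoever presents the session cookie, so resistance to session hijacking depends on how the session ID is issued, transported and rotated rather than on the `$_SESSION` comparison itself. The following is an added example, not the poster's code, showing the same login flag and check with the session hardened. The function names, the `last_seen` key and the 900-second idle limit are assumptions; it needs PHP 7.3+ and a site served over HTTPS.

```php
<?php
// Added example (not from the original post). Names below are hypothetical.

const IDLE_LIMIT = 900; // assumed idle timeout in seconds

function start_secure_session(): void
{
    // Refuse session IDs the server did not issue (defends against fixation).
    ini_set('session.use_strict_mode', '1');
    // Never accept a session ID passed in the URL.
    ini_set('session.use_only_cookies', '1');

    session_set_cookie_params([
        'lifetime' => 0,      // cookie ends with the browser session
        'path'     => '/',
        'secure'   => true,   // sent over HTTPS only, never in clear text
        'httponly' => true,   // not readable from JavaScript
        'samesite' => 'Lax',  // not attached to cross-site subrequests
    ]);
    session_start();
}

// Call this where the post sets the two session values after the DB check.
function mark_logged_in(string $username): void
{
    // Issue a fresh ID at the privilege change and delete the old session.
    session_regenerate_id(true);
    $_SESSION['username']  = $username;
    $_SESSION['AdminID']   = 1;
    $_SESSION['last_seen'] = time();
}

// Replacement for the check in the second snippet of the post.
function is_logged_in(): bool
{
    if (empty($_SESSION['username']) || ($_SESSION['AdminID'] ?? null) !== 1) {
        return false;
    }
    if (time() - ($_SESSION['last_seen'] ?? 0) > IDLE_LIMIT) {
        // Idle too long: drop the session so a stolen ID stops working.
        $_SESSION = [];
        session_destroy();
        return false;
    }
    $_SESSION['last_seen'] = time();
    return true;
}
```

Each page calls `start_secure_session()` before any output, then `is_logged_in()` in place of the inline `if`.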
 
2 comments