
That is, there are two different users (attacker and victim) connected to the same WiFi network ($_SERVER['REMOTE_ADDR'] equal), and assume that they have exactly the same browser ($_SERVER['HTTP_USER_AGENT'] equal).

How might PHP differentiate between these two users?

Excuse my language, I used Google translator :D

LuKks
  • Assign them a unique cookie/session...!? What problem are you really trying to solve here? What's unique about your situation that can't be solved with standard operating procedure? – deceze Jan 26 '16 at 11:03
  • I'm doing that so that when the attacker "guesses" the value of the cookie "PHPSESSID" and tries to duplicate the session, they could not. It works quite well, but would work well if the attacker uses the same IP address and same browser, as I use that data to encrypt the cookie "PHPSESSID" temporarily and then use this result in my custom functions. – LuKks Jan 26 '16 at 11:30
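
Added example, not part of the original thread: a PHP sketch of the scenario in the question, showing that a fingerprint built from `REMOTE_ADDR` and `HTTP_USER_AGENT` is identical for two clients behind the same WiFi with the same browser, while a server-issued random session ID is what separates them. The function names, the IP address and the User-Agent string are constructed for illustration.

```php
<?php
// Added example; not code from the thread. All sample values are constructed.

// Fingerprint derived only from request metadata. Every client behind the
// same NAT running the same browser build produces the same value.
function client_fingerprint(array $server): string
{
    return hash('sha256', ($server['REMOTE_ADDR'] ?? '') . '|' . ($server['HTTP_USER_AGENT'] ?? ''));
}

// Session setup in which the random session ID is the only per-user secret.
// The array form of session_set_cookie_params() needs PHP 7.3 or later.
function start_hardened_session(): void
{
    ini_set('session.use_strict_mode', '1');   // reject IDs the server did not issue
    ini_set('session.use_only_cookies', '1');  // never accept the ID from the URL
    session_set_cookie_params([
        'secure'   => true,    // cookie is sent over HTTPS only
        'httponly' => true,    // cookie is not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();
    if (empty($_SESSION['initiated'])) {
        session_regenerate_id(true);           // issue a fresh ID, delete the old one
        $_SESSION['initiated'] = true;
    }
}

// Under a web SAPI, start the session before any output is sent.
if (PHP_SAPI !== 'cli') {
    start_hardened_session();
}

// Constructed requests: victim and attacker on the same WiFi, same browser.
$victim   = ['REMOTE_ADDR' => '203.0.113.7', 'HTTP_USER_AGENT' => 'ExampleBrowser/1.0'];
$attacker = ['REMOTE_ADDR' => '203.0.113.7', 'HTTP_USER_AGENT' => 'ExampleBrowser/1.0'];

// The metadata fingerprints collide, so they cannot tell the two users apart.
echo 'fingerprints equal: ';
var_dump(hash_equals(client_fingerprint($victim), client_fingerprint($attacker)));

// Each browser holds its own random token (stand-ins for two PHPSESSID values).
$victimToken   = bin2hex(random_bytes(16));
$attackerToken = bin2hex(random_bytes(16));
echo 'tokens equal: ';
var_dump(hash_equals($victimToken, $attackerToken));
```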

0 Answers