I have a file named send.php in which I have a session which carries a randomly generated passkey to the result.php. The passkey is renewed on page load. If an intruder tries to bypass send.php, an error is shown in result.php. The randomly generated key matter because it is a virtual passkey ( not real, it undergoes different levels of changes to help the formation of the real key ), to encrypt as well as decrypt my data in PHP. I am hosting my site at InfinityFree, where I am not allowed to make changes in the php.ini file, nor I have SSL. So, what could be the best way to save myself from hijacking, since security is the most important point of my site ? Or is there there any other secure way to accomplanish what I want ?
Thanks In Advance
