
If a user's id is in the session, it seems all I can do to validate things is make sure that this is the user id I should be using for my transactions. The only check I can make is that it is a numeric value.

Are there extra secure techniques that can be done to ensure that the user in the session is who the system thinks it is?

Genadinik

1 Answer

So you're talking about some anti-session-hijacking measures? A basic one could be storing the IP of the user when they log in, although this won't work if the session hijacker is on the same network. Here is some more info on another way:

What is the best way to prevent session hijacking?

m4tt1mus
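The answer's suggestion, written out as a small server-side session store, is added here as an example and is not code from either poster. It records the client IP at login as the answer describes, checks that the stored user id is a positive integer as the question does, and additionally binds the session to a hash of the User-Agent header and issues a fresh random session token at login; those two extensions are this example's own assumptions, not something the thread states. The IP addresses and User-Agent strings are constructed sample values. The same-network limitation the answer mentions is visible in the code: two clients presenting the same IP and User-Agent are indistinguishable to this check.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional

# Constructed sample values used for illustration only.
SAMPLE_IP = "203.0.113.5"
OTHER_IP = "198.51.100.7"
SAMPLE_UA = "Mozilla/5.0 (X11; Linux x86_64) ExampleBrowser/1.0"
OTHER_UA = "Mozilla/5.0 (Windows NT 10.0) ExampleBrowser/2.0"


def fingerprint(user_agent: str) -> str:
    """Hash the User-Agent so the raw header is not stored with the session."""
    return hashlib.sha256(user_agent.encode("utf-8")).hexdigest()


@dataclass
class SessionRecord:
    user_id: int
    client_ip: str   # IP seen at login, as the answer suggests storing
    ua_hash: str     # assumption: also bind to a User-Agent fingerprint


class SessionStore:
    """In-memory session store binding each session to login-time context."""

    def __init__(self) -> None:
        self._sessions: Dict[str, SessionRecord] = {}

    def login(self, user_id: int, client_ip: str, user_agent: str) -> str:
        # The user id must be a positive integer (the question's numeric check);
        # bool is rejected because it is a subclass of int in Python.
        if isinstance(user_id, bool) or not isinstance(user_id, int) or user_id <= 0:
            raise ValueError("user id must be a positive integer")
        # A fresh, unguessable token per login; nothing from before login is reused.
        token = secrets.token_urlsafe(32)
        self._sessions[token] = SessionRecord(user_id, client_ip, fingerprint(user_agent))
        return token

    def validate(self, token: str, client_ip: str, user_agent: str) -> Optional[int]:
        """Return the bound user id if the request matches the login context, else None."""
        rec = self._sessions.get(token)
        if rec is None:
            return None
        ip_ok = hmac.compare_digest(rec.client_ip, client_ip)
        ua_ok = hmac.compare_digest(rec.ua_hash, fingerprint(user_agent))
        if not (ip_ok and ua_ok):
            # Context changed since login: revoke the session instead of serving it,
            # so a token that leaked to another client stops working immediately.
            del self._sessions[token]
            return None
        return rec.user_id

    def active_count(self) -> int:
        return len(self._sessions)


if __name__ == "__main__":
    store = SessionStore()
    tok = store.login(42, SAMPLE_IP, SAMPLE_UA)
    print("same context:", store.validate(tok, SAMPLE_IP, SAMPLE_UA))
    print("other ip:", store.validate(tok, OTHER_IP, SAMPLE_UA))
    print("after revocation:", store.validate(tok, SAMPLE_IP, SAMPLE_UA))
```

The check is a defence in depth, not a proof of identity: a client on the same NAT with the same browser build passes it, and a mobile user whose IP legitimately changes will be logged out, so in practice it is paired with a short session lifetime and a new token on every login.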