Hiding Session Id

    Hello coders, Discuss here how to prevent hacking lava session ID. Do you have any ideas to hide session ID so that no one can get it? Please post here....

    #2
    Nope lavalair is stuck with sid id it will show no matter what....
    Visit: Chat4u.mobi - The New Lay Of being a site of your dreams!
    Visit: WapMasterz Coming Back Soon!
    _______
    SCRIPTS FOR SALE BY SUBZERO
    Chat4u Script : coding-talk.com/f28/chat4u-mobi-script-only-150-a-17677/ - > Best Script for your site no other can be hacked by sql or uploaders.
    FileShare Script : coding-talk.com/f28/file-wap-share-6596/ -> Uploader you will never regret buying yeah it mite be old now but it still seems to own others...
    _______
    Info & Tips
    php.net
    w3schools.com

      #3
      QUOTE (subzero @ Jan 27 2009, 04:29 PM):
      "Nope lavalair is stuck with sid id it will show no matter what...."
      not true..
      It's better to keep your mouth shut and give the impression that you're stupid, than to open it and remove all doubt.
      ⓣⓗⓔ ⓠⓤⓘⓔⓣⓔⓡ ⓨⓞⓤ ⓑⓔ©ⓞⓜⓔ, ⓣⓗⓔ ⓜⓞⓡⓔ ⓨⓞⓤ ⓐⓡⓔ ⓐⓑⓛⓔ ⓣⓞ ⓗⓔⓐⓡ !
      ιη тнєσяу, тнє ρяα¢тι¢є ιѕ α яєѕυℓт σƒ тнє тнєσяу, вυт ιη ρяα¢тι¢є ιѕ тнє σρρσѕιтє.
      キノgんイノ刀g 4 ア乇ムc乇 ノ丂 レノズ乇 キucズノ刀g 4 √ノ尺gノ刀ノイリ!

        #4
        QUOTE (metulj @ Jan 27 2009, 06:51 PM):
        "not true.."
        mod_rewrite

        PHP Code:
        // Print every entry of $_SERVER, one per line
        foreach ($_SERVER as $server => $value)
        {
            echo "$server is $value<br />";
        }

          #5
          QUOTE (drwap @ Jan 27 2009, 06:10 PM):
          "mod_rewrite"
          How do you plan to use mod_rewrite to hide session id? :S



            #6
            yeah mod_rewrite would do the job but theres easier way to protect ur session id with only few lines of code and then u cn give ur session id in public and they can do **** with it lol...


              #7
              QUOTE (youngson @ Jan 27 2009, 09:26 PM):
              "How do you plan to use mod_rewrite to hide session id? :S"
              btw b4 tht kind of post, 1st c whts mod_rewrite... try google it


                #8
                QUOTE (alesh @ Jan 27 2009, 10:56 PM):
                "btw b4 tht kind of post, 1st c whts mod_rewrite... try google it"
                Btw b4 tht kind of post, don't insult my intelligence like that. I know fine what mod rewrite is. You would know that if you read my posts. I currently have it enabled in the site I am making atm which you will find in the script testing forum.



                  #9
                  QUOTE (alesh @ Jan 27 2009, 10:55 PM):
                  "yeah mod_rewrite would do the job but theres easier way to protect ur session id with only few lines of code and then u cn give ur session id in public and they can do **** with it lol..."
                  And I still fail to see what mod_rewrite can do to hide session id, as it needs it in the url somewhere so it can be passed along as a parameter. Hence why I asked how can you do that with mod_rewrite.



                    #10
                    mod rewrite isnt the way forward ... look at what the user gives you to identify themselves .. erm browser ??? ip ??? just to name two .. so why not make those two things part of the authentication process.. if ($currentip != $storedip) then request re-login ... that would solve erm .. 99% of your script kidding session jacking .. the rest of the 1% .. well dont even trying to stop them cause even i can brute force ur ssh port into submission.. so the experts that make up that 1% wouldnt have a problem



                      #11
                      QUOTE (djlee @ Jan 28 2009, 01:45 AM):
                      "mod rewrite isnt the way forward ... look at what the user gives you to identify themselves .. erm browser ??? ip ??? just to name two .. so why not make those two things part of the authentication process.. if ($currentip != $storedip) then request re-login ... that would solve erm .. 99% of your script kidding session jacking .. the rest of the 1% .. well dont even trying to stop them cause even i can brute force ur ssh port into submission.. so the experts that make up that 1% wouldnt have a problem"
                      IP & browser is definitely the wrong way to login because both are variable. I would use cookies.



                        #12
                        erm yh exactly .. variable .. and cookies aren't the way to go unless you know what you're doing .. and cookies store data .. much like session id's and therefore any n00b with a keyboard can create and destroy cookies on their own machine.

                        think about it .. IP .. erm your ip is locked to your account, in order for me to continue your session is to have the same ip address .. IP changes you gotta relogin .. and i dont kno the pass so i cant.

                        the whole point is to use dynamic variables.. 90% of static vars arent no good and they can be spoofed far too easily



                          #13
                          QUOTE (djlee @ Jan 28 2009, 04:13 AM):
                          "erm yh exactly .. variable .. and cookies aren't the way to go unless you know what you're doing .. and cookies store data .. much like session id's and therefore any n00b with a keyboard can create and destroy cookies on their own machine.

                          think about it .. IP .. erm your ip is locked to your account, in order for me to continue your session is to have the same ip address .. IP changes you gotta relogin .. and i dont kno the pass so i cant.

                          the whole point is to use dynamic variables.. 90% of static vars arent no good and they can be spoofed far too easily"
                          That's a problem for login if you use IP, because if your current IP is different from your previous IP then you can't login anymore.



                            #14
                            no if your stored ip and ur current ip is different then the session is deleted, then u need to relogin back in .. upon relogging in the script enters your new ip into the db and that becomes ur stored ip. therefore the hijacker needs ur password to login in order to reset the stored ip .. i really dont see the difficulty ur having in understanding this lol

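The two ideas argued over in this thread (keeping the session ID out of the URL, and posts #10 to #14's "stored IP differs from current IP, so delete the session and ask for a re-login"), put together as an added example that is not code from any post above. The function names and the `$_SESSION` keys are assumptions made for illustration, and, as posts #11 and #13 point out, users whose IP changes between requests will be asked to log in again.

```php
<?php
// Added example; function names and $_SESSION keys 'user', 'ip', 'ua' are assumptions.
// Keep the session ID out of URLs: take it from a cookie only.
ini_set('session.use_only_cookies', '1');
ini_set('session.use_trans_sid', '0');
ini_set('session.use_strict_mode', '1');  // refuse IDs the server did not issue
session_set_cookie_params([               // array form needs PHP 7.3+
    'httponly' => true,                   // hidden from page JavaScript
    'secure'   => true,                   // sent over HTTPS only
    'samesite' => 'Lax',
]);
session_start();

function client_fingerprint(): array
{
    return ['ip' => $_SERVER['REMOTE_ADDR'] ?? '',
            'ua' => $_SERVER['HTTP_USER_AGENT'] ?? ''];
}

// Call only after the password check has succeeded.
function login_session(string $user): void
{
    session_regenerate_id(true);          // fresh ID, old session data deleted
    $_SESSION = ['user' => $user] + client_fingerprint();
}

// Call at the top of every protected page.
function session_is_valid(): bool
{
    if (!isset($_SESSION['user'])) {
        return false;
    }
    $now = client_fingerprint();
    if ($_SESSION['ip'] === $now['ip'] && $_SESSION['ua'] === $now['ua']) {
        return true;
    }
    $_SESSION = [];                       // stored and current values differ:
    session_destroy();                    // drop the session, force a re-login
    return false;
}

// Constructed demo: log in from one address, then replay the session from another.
$_SERVER['REMOTE_ADDR'] = '192.0.2.10';
$_SERVER['HTTP_USER_AGENT'] = 'ExampleBrowser/1.0';
login_session('alice');
$same = session_is_valid();
$_SERVER['REMOTE_ADDR'] = '198.51.100.7';
$moved = session_is_valid();
var_dump($same, $moved);
```

In a real script the demo lines at the bottom are dropped: `login_session()` goes in the login handler and a failed `session_is_valid()` sends the visitor back to the login form.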


                              #15
                              mod_rewrite You will fail!

                              Only one way to hide session ID is to build a new script that use session the right way like mine script im making so loony script and youngson's script we all are best coders to think of session

                              Here are some ideas

                              Code:
                              Login
                              
                              $session['id']=session_id();
                              $session['sid']=$sid;
                              
                              
                              Sign up
                              
                              session_start();
                              $_SESSION['session']=$session; // session_register() was removed in PHP 5.4
                              
                              Exit
                              
                              session_unset();
                              session_destroy();
                              
                              In config
                              
                              error_reporting(E_ERROR | E_PARSE | E_CORE_ERROR);
                              Now see what you can do with this