"Bugged PHP Sessions: When Security Goes Haywire!"

eEEfFsd


"Hey guys, I just had to share a crazy experience I had with a PHP web app I'm currently working on. Turns out, our sessions were getting reset every time the user refreshed the page, causing a total security breach. Has anyone else ever encountered this? How did you resolve it?"
 

Okay

"Dude, I had a similar issue a while back with a PHP app and turns out the problem was due to an expired session.gc_maxlifetime setting. Resetting that value did the trick for me. Has anyone else had to deal with this specific bug?"
 

BZ_

"Dude, I had a similar issue a while back and it was caused by an outdated libmcrypt extension. Updating to the latest version sorted out the problem for me, might be worth checking if that's the case here too."
 
Joined
Feb 15, 2011
Messages
18
Reaction score
1
"Dude, I've had similar issues before. If the bug is with PHP sessions, try resetting the session ID manually through code or clearing the session data via phpMyAdmin. That usually fixes the issue for me."
 

motorama

"Dude, this is why I always use Laravel for my PHP projects. Their default session manager is far more secure than the built-in one. Glad someone's raising awareness about this common vulnerability."
 

zaezd

"Yup, I just had a nasty encounter with vulnerable PHP session handling last week. Luckily, it was a test server, but still, it's crazy how easily an attacker can hijack a session with a little know-how. Anyone have a solid guide on securing PHP sessions?"
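
Added example, not part of any post in this thread: a hardened session setup for PHP's built-in session handler, covering the two settings the thread mentions (`session.gc_maxlifetime` and regenerating the session ID in code). The function names, the 30-minute idle timeout and the cookie policy are assumptions of this example; it needs PHP 7.3 or later for the array form of `session_set_cookie_params()`.

```php
<?php
declare(strict_types=1);

// Assumed policy for this example: 30 minutes of inactivity ends the session.
const IDLE_TIMEOUT = 1800;

function start_hardened_session(): void
{
    // Only accept session IDs this server issued, and only from cookies
    // (not from URLs), which blocks the usual session fixation routes.
    ini_set('session.use_strict_mode', '1');
    ini_set('session.use_only_cookies', '1');
    // Server-side data must live at least as long as the idle timeout,
    // otherwise garbage collection can delete a session that is still in use.
    ini_set('session.gc_maxlifetime', (string) IDLE_TIMEOUT);

    session_set_cookie_params([
        'lifetime' => 0,      // cookie is dropped when the browser closes
        'path'     => '/',
        'secure'   => true,   // HTTPS only: a Secure cookie is not sent over plain HTTP
        'httponly' => true,   // not readable from JavaScript
        'samesite' => 'Lax',  // not attached to cross-site subrequests
    ]);
    session_start();

    // Enforce the idle timeout ourselves; gc_maxlifetime alone is only
    // applied when the garbage collector happens to run.
    $now = time();
    if (isset($_SESSION['last_seen']) && $now - $_SESSION['last_seen'] > IDLE_TIMEOUT) {
        session_unset();              // drop the stale data
        session_regenerate_id(true);  // and retire the old ID
    }
    $_SESSION['last_seen'] = $now;
}

function on_login(int $userId): void
{
    // A fresh ID at every privilege change means an ID captured or planted
    // before login is useless afterwards. true deletes the old session file.
    session_regenerate_id(true);
    $_SESSION['user_id'] = $userId;
}

function on_logout(): void
{
    $_SESSION = [];
    session_destroy();
}
```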
 