sturnbull / piktur

CS9163 project

Better session handling #16

Closed enasni closed 11 years ago

enasni commented 11 years ago

Current session handling is weak and is susceptible to session hijacking. Implement a method to help deter this possibility.

enasni commented 11 years ago

Updated signin.php to create a unique session token cookie.

Updated signout.php to destroy the token cookie on logout.

Updated global.inc to validate client based on token cookie and existing session state.
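A sketch of the three steps described in the comment above (issue a token at sign-in, validate it against session state on every request, destroy it at sign-out), written as an added example; it is not the code from signin.php, signout.php or global.inc. The function names and the `auth_token` cookie name are hypothetical, and it assumes PHP 7.3+ with `session_start()` already called.

```php
<?php
// Added illustration: names below are hypothetical, not taken from the project.
const TOKEN_COOKIE = 'auth_token';

function cookie_opts(int $expires): array {
    // HttpOnly keeps the token away from page scripts; Secure keeps it off plain HTTP.
    return ['expires' => $expires, 'path' => '/', 'secure' => true,
            'httponly' => true, 'samesite' => 'Strict'];
}

// Sign-in step: call only after the credentials have been verified.
function issue_session_token(int $userId): void {
    session_regenerate_id(true);                 // discard the pre-login session id
    $token = bin2hex(random_bytes(32));          // 256-bit unpredictable token
    $_SESSION['user_id']    = $userId;
    $_SESSION['token_hash'] = hash('sha256', $token); // server keeps only the hash
    setcookie(TOKEN_COOKIE, $token, cookie_opts(0));  // session-lifetime cookie
}

// Validation step: the presented cookie must match the existing session state.
function token_matches(array $session, array $cookies): bool {
    if (empty($session['user_id']) || empty($session['token_hash'])) {
        return false;                            // no authenticated session state
    }
    $presented = $cookies[TOKEN_COOKIE] ?? '';
    if (!is_string($presented) || $presented === '') {
        return false;                            // cookie missing or malformed
    }
    // Constant-time comparison of the stored hash and the presented token's hash.
    return hash_equals($session['token_hash'], hash('sha256', $presented));
}

// Sign-out step: remove the token cookie and the server-side session.
function destroy_session_token(): void {
    $_SESSION = [];
    setcookie(TOKEN_COOKIE, '', cookie_opts(time() - 3600));
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_destroy();
    }
}

// Guard for a shared include: reject the request when the pair does not match.
function require_valid_client(): void {
    if (!token_matches($_SESSION, $_COOKIE)) {
        destroy_session_token();
        http_response_code(401);
        exit;
    }
}
```

With this pairing, a session id on its own is not accepted: the request must also carry the token whose hash is stored in that session.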