Closed enasni closed 11 years ago
Current session handling is weak and is susceptible to session hijacking. Implement a method to help deter this possibility.
Updated signin.php to create a unique session token cookie.
Updated signout.php to destroy the token cookie on logout.
Updated global.inc to validate client based on token cookie and existing session state.
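A sketch of the three changes described above (token issued at sign-in, checked on every request, destroyed at sign-out), added here as an example and not the project's actual code. The function names, the `session_token` cookie name and the `user_id` / `token_hash` session keys are assumptions, and `session_start()` is assumed to have run already.

```php
<?php
declare(strict_types=1);
// Added illustration, not the project's code. All names below are hypothetical.

const TOKEN_COOKIE = 'session_token';

function token_cookie_options(int $expires): array
{
    // HttpOnly keeps the token away from page scripts; Secure keeps it off plain HTTP.
    return ['expires' => $expires, 'path' => '/', 'secure' => true,
            'httponly' => true, 'samesite' => 'Strict'];
}

// signin.php: call once the credentials have been verified.
function bind_session_token(int $userId): void
{
    session_regenerate_id(true);              // drop any pre-login session id (fixation)
    $token = bin2hex(random_bytes(32));       // 256-bit random value from the CSPRNG
    $_SESSION['user_id']    = $userId;
    $_SESSION['token_hash'] = hash('sha256', $token);  // server keeps only the hash
    setcookie(TOKEN_COOKIE, $token, token_cookie_options(0));
}

// global.inc: a signed-in session is honoured only with the matching token cookie.
function session_is_valid(): bool
{
    $expected  = $_SESSION['token_hash'] ?? null;
    $presented = $_COOKIE[TOKEN_COOKIE] ?? null;
    if (!isset($_SESSION['user_id']) || !is_string($expected) || !is_string($presented)) {
        return false;
    }
    return hash_equals($expected, hash('sha256', $presented));  // constant-time compare
}

// signout.php: expire the token cookie and discard the server-side state.
function end_session(): void
{
    setcookie(TOKEN_COOKIE, '', token_cookie_options(time() - 3600));
    $_SESSION = [];
    session_destroy();
}

// In global.inc, after session_start():
//   if (isset($_SESSION['user_id']) && !session_is_valid()) { end_session(); /* redirect to sign-in */ }
```

The token only adds protection where the session id can leak without the token leaking too (for example an id exposed in a URL or fixed before login); a client that obtains both cookies still passes the check.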