How does session middleware generally verify browser sessions?

Posted by BBnyc on Programmers
Published on 2014-06-10T15:25:23Z Indexed on 2014/06/10 15:39 UTC

I've been using session middleware to build web apps for years: from PHP's built-in session handling layer to node's connect session middleware. However, I've never tried (or needed) to roll my own session handling layer. How would one go about it? What sort of checks are necessary to provide at least some modicum of security against HTTP session hijacking?

I figure setting a cookie with a token to keep track of the session, and then perhaps some check to see that the originating IP address of the session doesn't change and that the client browser software remains consistent. Hoping to hear about current best practices...

© Programmers or respective owner
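
The scheme sketched in the question (a cookie token plus IP and browser consistency checks), as an added example that is not part of the original post. The HMAC-signed cookie value, the in-memory store, the expiry, and all names (`SECRET`, `sessions`, `createSession`, `verifySession`, the `req` shape) are assumptions made for illustration.

```javascript
// Added example: hypothetical names, in-memory store, constructed sample requests.
const crypto = require('node:crypto');

const SECRET = crypto.randomBytes(32);  // server-side signing key (assumption: per-process)
const sessions = new Map();             // session id -> server-side record

function sign(id) {
  return crypto.createHmac('sha256', SECRET).update(id).digest('hex');
}

// Issue a session: 128-bit id from a CSPRNG, stored server-side together with
// the client attributes the post proposes comparing on later requests.
function createSession(req, ttlMs = 30 * 60 * 1000, now = Date.now()) {
  const id = crypto.randomBytes(16).toString('hex');
  sessions.set(id, { ip: req.ip, ua: req.userAgent, expires: now + ttlMs });
  return `${id}.${sign(id)}`;           // cookie value: id plus HMAC tag
}

// Verify a cookie value against the current request; returns the record or null.
function verifySession(cookie, req, now = Date.now()) {
  const parts = String(cookie).split('.');
  if (parts.length !== 2) return null;
  const [id, tag] = parts;
  const expected = Buffer.from(sign(id));
  const given = Buffer.from(tag);
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  if (given.length !== expected.length) return null;
  if (!crypto.timingSafeEqual(given, expected)) return null;
  const rec = sessions.get(id);
  if (!rec) return null;
  if (now > rec.expires) { sessions.delete(id); return null; }
  // Binding checks from the post: a changed IP or User-Agent ends the session.
  if (rec.ip !== req.ip || rec.ua !== req.userAgent) {
    sessions.delete(id);
    return null;
  }
  return rec;
}

// Constructed sample requests (documentation address ranges, not real traffic).
const first = { ip: '203.0.113.7', userAgent: 'ExampleBrowser/1.0' };
const moved = { ip: '198.51.100.9', userAgent: 'ExampleBrowser/1.0' };
const cookie = createSession(first);
console.log(verifySession(cookie, first) !== null);
console.log(verifySession(cookie, moved));
```

Strict IP matching also ends sessions for legitimate clients whose address changes (mobile networks, proxies), so the binding checks here follow the post's proposal and are not a recommendation.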
