Session Hijacking
PHP Session Security
2024-05-17
12
Again,
session_start()
isn't enough.
Don't use IP address for identification!
Assume the session identifier is captured.
Complicate impersonation.