I am struggling against hackers now.
My project is in Laravel. Not sure how, but they are getting the administrator session and doing all things in the project now.
I researched on the Internet and they are saying it is Laravel session hijacking. Does anyone have experience with Laravel session hijacking protection?
Please help me.
Thank you
Implemented Fortify auth model. Implemented the second password system.
You need to use a .env file and make sure that it isn't hosted on a public GitHub repository. Best practice would be to make sure that it's included in the .gitignore and that you set it up locally and on the server.
Make sure the app key is regenerated. Also make sure that you are serving the project with an SSL cert (HTTPS access).
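
The checks from the answer above, written as a shell function that audits a Laravel project directory. This is an added example, not code from the thread: the function name `audit_laravel_env` is hypothetical, and `APP_URL` and `SESSION_SECURE_COOKIE` are Laravel's standard .env keys, which the posts do not mention by name.

```shell
#!/bin/sh
# Added example. Usage: audit_laravel_env /path/to/laravel/project
# Prints one line per failed check and returns the number of failures.
audit_laravel_env() {
    dir=$1; fails=0
    fail() { echo "FAIL: $1"; fails=$((fails + 1)); }
    # Read KEY=value from .env, dropping quotes and CRs.
    env_val() {
        sed -n "s/^$1=//p" "$dir/.env" 2>/dev/null | head -n 1 | tr -d "\"'\r"
    }

    # 1. .env must be listed in .gitignore.
    grep -qE '^/?\.env$' "$dir/.gitignore" 2>/dev/null ||
        fail ".env is not listed in .gitignore"

    # 2. Inside a git work tree, .env must be neither tracked nor in history.
    if command -v git >/dev/null 2>&1 &&
       git -C "$dir" rev-parse --is-inside-work-tree >/dev/null 2>&1; then
        if git -C "$dir" ls-files --error-unmatch .env >/dev/null 2>&1; then
            fail ".env is tracked by git (untrack it: git rm --cached .env)"
        fi
        if [ -n "$(git -C "$dir" log --all --oneline -- .env 2>/dev/null)" ]; then
            fail ".env is in git history: treat APP_KEY as exposed, regenerate it"
        fi
    fi

    # 3. An application key must be set (php artisan key:generate writes it).
    [ -n "$(env_val APP_KEY)" ] || fail "APP_KEY is empty"

    # 4. The app should be served over HTTPS.
    case "$(env_val APP_URL)" in
        https://*) ;;
        *) fail "APP_URL does not start with https://" ;;
    esac

    # 5. Session cookie must carry the Secure flag.
    [ "$(env_val SESSION_SECURE_COOKIE)" = "true" ] ||
        fail "SESSION_SECURE_COOKIE is not true"

    return "$fails"
}
```

Regenerating the key invalidates cookies and sessions encrypted with the old one, so logged-in users have to sign in again.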