Laravel Session Hijacking issue


We have a web application running on Laravel 5.4. We have given this website to an auditing service to check for vulnerabilities. Their report says that there is a threat of session hijacking. In the report, they have described the threat below.

THREAT: Suppose there are two users, A and B.

  1. Log into the account of A and copy the session ID and XSRF-TOKEN cookies of the user.
  2. Now open another browser (Chrome) and log in to the account of B.
  3. Now paste the cookies of A (session ID and XSRF-TOKEN) in place of the cookies of B (session ID and XSRF-TOKEN).
  4. Now just reload Chrome. That's it. Immediately, user A's account will be opened.

I have tried it and they are correct. But how do I fix the issue? They recommended that I turn on HttpOnly and Secure cookies with SSL encryption, which I did.

Even after doing that, the issue is still there. Am I checking in the correct way? How do I check for the session hijacking vulnerability after setting HttpOnly and Secure?

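Added example, not part of the original post: a small Python check that parses the Set-Cookie headers from a login response and reports which cookies are missing the Secure and HttpOnly flags the auditors recommended, which is the thing worth verifying after changing the config. The header lines below are constructed samples; laravel_session and XSRF-TOKEN are Laravel's default cookie names, and XSRF-TOKEN is allowlisted because Laravel deliberately leaves it readable from JavaScript. Keep in mind what the flags do and do not do: Secure stops the cookie from being sent over plain HTTP and HttpOnly stops page script from reading it, but a valid session cookie copied out of one browser and pasted into another is still a valid session, so the manual copy test in the report will keep succeeding whatever the flags are.

```python
"""Check Set-Cookie headers for the Secure and HttpOnly flags.

Added example, not from the original post. Feed it the raw Set-Cookie
header values captured from the login response (browser network tab, or
`curl -si https://example.test/login`, where example.test is a placeholder
host). The sample headers at the bottom are constructed.
"""
from typing import Dict, FrozenSet, List, Tuple

# Cookies that are expected to be readable from JavaScript, so HttpOnly is
# not required on them. Laravel sets XSRF-TOKEN without HttpOnly on purpose
# so that front-end code can echo it back in the X-XSRF-TOKEN header.
JS_READABLE: FrozenSet[str] = frozenset({"XSRF-TOKEN"})


def parse_set_cookie(header: str) -> Tuple[str, Dict[str, str]]:
    """Split one Set-Cookie value into (cookie_name, {attribute_lower: value}).

    Flag attributes such as Secure and HttpOnly map to an empty string.
    """
    pair, *attr_parts = header.split(";")
    name = pair.split("=", 1)[0].strip()
    attrs: Dict[str, str] = {}
    for part in attr_parts:
        key, _, value = part.strip().partition("=")
        attrs[key.strip().lower()] = value.strip()
    return name, attrs


def cookie_problems(header: str, js_readable: FrozenSet[str] = JS_READABLE) -> List[str]:
    """Return the list of missing flags for a single Set-Cookie header."""
    name, attrs = parse_set_cookie(header)
    problems: List[str] = []
    if "secure" not in attrs:
        problems.append("missing Secure")
    if "httponly" not in attrs and name not in js_readable:
        problems.append("missing HttpOnly")
    return problems


def check_headers(headers: List[str], js_readable: FrozenSet[str] = JS_READABLE) -> Dict[str, List[str]]:
    """Map cookie name -> problems; cookies with no problems are omitted."""
    report: Dict[str, List[str]] = {}
    for header in headers:
        name, _ = parse_set_cookie(header)
        problems = cookie_problems(header, js_readable)
        if problems:
            report[name] = problems
    return report


# Constructed samples: a login response before the flags were added, and the
# same response after config/session.php sets 'secure' => true and
# 'http_only' => true. Cookie values are placeholders, not real tokens.
WEAK_HEADERS = [
    "laravel_session=SESSIONVALUE; expires=Sat, 01-Jan-2000 00:00:00 GMT; Max-Age=7200; path=/",
    "XSRF-TOKEN=TOKENVALUE; expires=Sat, 01-Jan-2000 00:00:00 GMT; Max-Age=7200; path=/",
]
HARDENED_HEADERS = [
    "laravel_session=SESSIONVALUE; Max-Age=7200; path=/; secure; httponly",
    "XSRF-TOKEN=TOKENVALUE; Max-Age=7200; path=/; secure",
]

if __name__ == "__main__":
    for label, headers in (("weak", WEAK_HEADERS), ("hardened", HARDENED_HEADERS)):
        report = check_headers(headers)
        print(f"{label}: {report if report else 'all cookies carry the expected flags'}")
```

In Laravel 5.4 the two flags come from the 'secure' and 'http_only' keys in config/session.php; the Secure flag only appears in the response when the app is actually served over HTTPS, so capture the headers from the real TLS endpoint rather than a local http:// instance.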