Can this be done, and how accurate would it be?
I am starting a website and my main desire is to protect my members as much as I can. I have taken the steps to ensure safe cookies, like basing them off the IP of the user. However, the site is one you can purchase items off, and when dealing with money you can never be too safe. The problem is that, yes, an IP based off an IP is safe; however, a person on the same network can still exploit a flaw or what-not, then inject the stolen cookies without the IP check doing anything.
So now with my theory - if the cookies are based not only on IP but also on when they were set it would be impossible to inject. So does PHP have a function to check when a cookie was set and if so how accurate is it?
Thanks everyone.
Mb0742 wrote: The problem is that, yes, an IP based off an IP is safe; however, a person on the same network can still exploit a flaw or what-not, then inject the stolen cookies without the IP check doing anything.

True. Many admins who use IP-based sessions underestimate this risk.

So now with my theory - if the cookies are based not only on IP but also on when they were set it would be impossible to inject. So does PHP have a function to check when a cookie was set and if so how accurate is it?

No idea :right:
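
A browser sends only a cookie's name and value back to the server, so a set time is available to PHP only if the server put it in the value itself. The following is an added example, not code from this thread: it embeds an issue timestamp in the cookie value and signs it together with the client IP using HMAC. The function names, the secret, the numeric user id and the 30-minute limit are all assumptions.

```php
<?php
// Added example: hypothetical helpers, not code from the thread.
const COOKIE_SECRET = 'constructed-demo-key';  // assumption: secret kept server-side only
const MAX_AGE = 1800;                          // assumption: accept tokens for 30 minutes

// Build the cookie value: base64("userId|issuedAt") . "." . HMAC.
// The IP is mixed into the MAC but never stored in the cookie.
function issue_token(string $userId, string $ip, int $now): string
{
    $payload = $userId . '|' . $now;
    $mac = hash_hmac('sha256', $payload . '|' . $ip, COOKIE_SECRET);
    return base64_encode($payload) . '.' . $mac;
}

// Return the user id if the token is authentic, bound to $ip and fresh; null otherwise.
function verify_token(string $token, string $ip, int $now): ?string
{
    $parts = explode('.', $token, 2);
    if (count($parts) !== 2) {
        return null;
    }
    $payload = base64_decode($parts[0], true);
    if ($payload === false) {
        return null;
    }
    // Recompute the MAC with the IP of the current request; compare in constant time.
    $expected = hash_hmac('sha256', $payload . '|' . $ip, COOKIE_SECRET);
    if (!hash_equals($expected, $parts[1])) {
        return null;
    }
    $fields = explode('|', $payload);
    if (count($fields) !== 2 || !ctype_digit($fields[0]) || !ctype_digit($fields[1])) {
        return null;
    }
    $issued = (int) $fields[1];
    if ($issued > $now || $now - $issued > MAX_AGE) {
        return null;  // issued in the future, or older than the allowed window
    }
    return $fields[0];
}

// Constructed sample values (documentation IP ranges, fixed clock).
$t0 = 1700000000;
$token = issue_token('42', '203.0.113.7', $t0);
var_dump(verify_token($token, '203.0.113.7', $t0 + 60));    // same IP, inside the window
var_dump(verify_token($token, '198.51.100.9', $t0 + 60));   // same token, different IP
var_dump(verify_token($token, '203.0.113.7', $t0 + 3600));  // same IP, past MAX_AGE
```

The timestamp limits how long a copied cookie remains usable; a copy replayed from the same IP inside that window still verifies, so the cookie should also be sent with the `Secure` and `HttpOnly` flags over HTTPS.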