Session Management-Multiple Sessions Allowed | Techbirds
Posted on: September 16, 2014 /
Categories: General / Author Name: Piyush Jain
It is possible for a user to initiate multiple concurrent sessions using just one username/password combination. If multiple users are allowed to log in to the same account simultaneously, non-repudiation is lost. The existence of multiple sessions generated from the same set of credentials often indicates that the credentials have been compromised. A malicious user with valid credentials could exploit this vulnerability to cause a denial-of-service condition. Using a script to repeatedly log in to the system, the attacker could appropriate resources for each new session until no resources are available to legitimate users.
This side effect can be eliminated by terminating the previous session during the login process.
In PHP, the following example steps prevent multiple sessions:
1. Save the session ID in the database when a user logs in.
2. Check the session ID each time a request is sent to the server.
3. If the session ID doesn't match, destroy the current session.
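The three steps above as an added PHP example (not code from the original post). The `active_sessions` table, the function names, and the choice to store a SHA-256 hash of the session ID instead of the raw value are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical schema (assumption, not from the original post):
//   CREATE TABLE active_sessions (user_id INTEGER PRIMARY KEY, sid_hash TEXT NOT NULL);
// Both functions assume session_start() has already been called.

// Step 1: call once the submitted credentials have been verified.
function registerLogin(PDO $db, int $userId): void
{
    // Issue a fresh ID so a session ID set before login cannot be reused.
    session_regenerate_id(true);
    $_SESSION['user_id'] = $userId;

    // One row per user: writing the new ID replaces the previous one, so any
    // older session for this account fails the check on its next request.
    $db->beginTransaction();
    $db->prepare('DELETE FROM active_sessions WHERE user_id = ?')
       ->execute([$userId]);
    $db->prepare('INSERT INTO active_sessions (user_id, sid_hash) VALUES (?, ?)')
       ->execute([$userId, hash('sha256', session_id())]);
    $db->commit();
}

// Steps 2 and 3: call at the top of every authenticated request.
function enforceSingleSession(PDO $db): bool
{
    if (!isset($_SESSION['user_id'])) {
        return false; // nobody is logged in on this session
    }
    $stmt = $db->prepare('SELECT sid_hash FROM active_sessions WHERE user_id = ?');
    $stmt->execute([$_SESSION['user_id']]);
    $stored = $stmt->fetchColumn();

    // Constant-time comparison of the stored hash with this request's session ID.
    if (is_string($stored) && hash_equals($stored, hash('sha256', session_id()))) {
        return true; // this session belongs to the most recent login
    }

    // Step 3: a newer login replaced this session, so destroy it.
    $_SESSION = [];
    session_destroy();
    return false;
}
```

A caller would redirect to the login page whenever `enforceSingleSession()` returns `false`.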
Tags: PHP, Security, Session Management, Web Development