vb.org Archive - tips for sessions and security

When I make a login script for myself I check if the username and password match then I set the session.

I use this to check the session

PHP Code:


		
			
if(empty($_SESSION['username']))

{

    echo "You are not logged in";

    die();

}

But it just hit me that I can create a fake session on a different script.
I could use
$_SESSION['username'] = "haha";

I tested this with PHPTriad with PHP 4.4.1 (I downloaded the php package and replace the default package.
I'm not sure if it's possible to pass sessions from completely different urls.
eg.
From "my_site.com/fake_session.php" To "some_other_site.com/check_login.php"

Can you help me make it more secure.

X vBulletin 3.8.12 by vBS Debug Information
Template Usage: (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (1)bbcode_php_printable (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)post_thanks_navbar_search (1)printthread (1)printthreadbit (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit showthread	Included Files: ./printthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/class_bbcode_alt.php ./includes/class_bbcode.php ./includes/functions_bigthree.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete printthread_start bbcode_fetch_tags bbcode_create bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete printthread_post printthread_complete
Messages:

X vBulletin 3.8.12 by vBS Debug Information

Page Generation 0.00939 seconds
Memory Usage 1,708KB
Queries Executed 10 (?)

More Information

Template Usage:

(1)ad_footer_end
(1)ad_footer_start
(1)ad_header_end
(1)ad_header_logo
(1)ad_navbar_below
(1)bbcode_php_printable
(1)footer
(1)gobutton
(1)header
(1)headinclude
(6)option
(1)post_thanks_navbar_search
(1)printthread
(1)printthreadbit
(1)spacer_close
(1)spacer_open

Phrase Groups Available:

global
postbit
showthread

Included Files:

./printthread.php
./global.php
./includes/init.php
./includes/class_core.php
./includes/config.php
./includes/functions.php
./includes/class_hook.php
./includes/modsystem_functions.php
./includes/class_bbcode_alt.php
./includes/class_bbcode.php
./includes/functions_bigthree.php

Hooks Called:

init_startup
init_startup_session_setup_start
init_startup_session_setup_complete
cache_permissions
fetch_threadinfo_query
fetch_threadinfo
fetch_foruminfo
style_fetch
cache_templates
global_start
parse_templates
global_setup_complete
printthread_start
bbcode_fetch_tags
bbcode_create
bbcode_parse_start
bbcode_parse_complete_precache
bbcode_parse_complete
printthread_post
printthread_complete

Messages:

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.00939 seconds Memory Usage 1,708KB Queries Executed 10 (?)
More Information
Template Usage: (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (1)bbcode_php_printable (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)post_thanks_navbar_search (1)printthread (1)printthreadbit (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit showthread	Included Files: ./printthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/class_bbcode_alt.php ./includes/class_bbcode.php ./includes/functions_bigthree.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete printthread_start bbcode_fetch_tags bbcode_create bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete printthread_post printthread_complete
Messages: