Skip to content
Session token theft detection
PHP Gherkin
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
docs/readme
src
tests
.gitignore
.php_cs
.scrutinizer.yml
.travis.yml
LICENSE
README.md
composer.json
hidev.yml
phpunit.xml.dist

README.md

Session Keeper

Session token theft detection

Latest Stable Version Total Downloads Build Status Scrutinizer Code Coverage Scrutinizer Code Quality

This package provides small library for token theft detection.

Installation

The preferred way to install this library is through composer.

Either run

php composer.phar require "hiqdev/session-keeper"

or add

"hiqdev/session-keeper": "*"

to the require section of your composer.json.

Idea

  • Save for every session:
    • is it secure (user chooses)
    • browser fingerprint
    • IP address
  • Session can be revalidated by
    • current fingerprint
    • IP address
  • Conditions:
    • changed fingerprint - kill session, must relogin
    • changed IP:
      • the IP is secure - ok
      • the IP is unknown - kill session, must relogin

License

This project is released under the terms of the MIT license. Read more here.

Copyright © 2019, HiQDev (http://hiqdev.com/)

You can’t perform that action at this time.