[PHP] Session's secure

[Nedim!]

Hello,
I am currently making something in PHP,and I have login and It works with Sessions,I saw attack called 'Session Hijacking' so I'll ask you if this vulnerable to 'Session Hijacking'.
So,I check if username & password is equal to username & password in database if yes it gives it $_SESSION['username'] = $username and $_SESSION['AdminId'] = 1.

PHP Code: 

<?php
$username = mysql_real_escape_string($_POST['username']);
....
if ($row > 0) {
$_SESSION['username'] = $username;
$_SESSION['AdminID'] = 1;
}
?>

Now in other file I check sessions:

PHP Code: 

<?php
if(!empty($_SESSION['username']) and $_SESSION['AdminID'] == 1) {
echo "Logged in!";
} else {
echo "Not logged in!";
}
?>

Thanks in advance, k0d3.

Nedim! Reviewed by Nedim! on 12th Oct 2010. [PHP] Session's secure Hello, I am currently making something in PHP,and I have login and It works with Sessions,I saw attack called 'Session Hijacking' so I'll ask you if this vulnerable to 'Session Hijacking'. So,I check if username & password is equal to username & password in database if yes it gives it $_SESSION = $username and $_SESSION = 1. <?php $username = mysql_real_escape_string($_POST); .... if ($row > 0) { $_SESSION = $username; $_SESSION = 1; } Rating: 5

[litewarez]

Session hijacking us nothing to do with the section of the session your working on

to prevent session hijacking see me other post: http://www.besthostingforums.com/showthread.php?t=44270

[Nedim!]

k,Thank you litewarez.