Session Hijacking

vjmaker78

I am dealing with a situation where a session has to be maintained for a
person on a network, but he is always facing a problem: he has to give his
password again to log in.
The problem is that it is taking a different IP address with every new
request (as in a network).
How can I solve this problem by using some bits of the IP
address (192.168.11.10 etc.)?
Actually, every time the program reads the IP address of the system + session ID
and creates a new string value of it, and cross-checks that value with
the value it gets at last with the incoming request for tracing the original
session. But as in the network it takes a different IP every time, so at last
a mismatch happens. Can using some different concept of using 8, 16, 24, 32 or
any number of bits solve this problem? I think Google and Yahoo work on a
concept where the IP is not very important, etc.
Please give me some clues to proceed.

Vijendra
 
Andrea Desole

> I am dealing with a situation where a session has to be maintained for a
> person on a network, but he is always facing a problem: he has to give his
> password again to log in.
> The problem is that it is taking a different IP address with every new
> request (as in a network).
> How can I solve this problem by using some bits of the IP
> address (192.168.11.10 etc.)?
> Actually, every time the program reads the IP address of the system + session ID
> and creates a new string value of it, and cross-checks that value with
> the value it gets at last with the incoming request for tracing the original
> session. But as in the network it takes a different IP every time, so at last
> a mismatch happens. Can using some different concept of using 8, 16, 24, 32 or
> any number of bits solve this problem? I think Google and Yahoo work on a
> concept where the IP is not very important, etc.
> Please give me some clues to proceed.

It's not really clear. Are you saying you have to restore someone's
session after he logs in from another machine?
In that case, serialize your session information and save it
somewhere every time it changes. This doesn't consider the case, of
course, when two people are working at the same time with the same account.
 
vjmaker78

Here I am talking about a single person who, when he logs in through a
network, gets the same message to give his password again and again.

This mechanism works well with the session not being hijacked, as it
cross-checks the session value + IP address every time a request comes.

It basically creates a new string value of (session + IP address) and stores
it for cross-checking.

The network takes a new IP every time for a single person, also for his
every new request, and ultimately a mismatch happens, resulting in it asking
for the password again every time.

It's like every time the program reads the IP address of the system + session ID
and creates a new string value of it and cross-checks that value with
the value it gets at last with the incoming request for tracing the original
session. But as in the network it takes a different IP every time, so at last
a mismatch happens.

If you want further clarification, you can ask me more.

Vj
 
impaler

> The network takes a new IP every time for a single person, also for his
> every new request, and ultimately a mismatch happens, resulting in it asking
> for the password again every time.

You mean something like: you have a web app that has a login screen,
you log in, the IP is sent and the session is created. You click a link
and the IP address changes? That's weird.

Please define this "every time" a little more. Between screens/modules,
app instances.
 
iksrazal

(e-mail address removed) wrote:
> Here I am talking about a single person who, when he logs in through a
> network, gets the same message to give his password again and again.
>
> This mechanism works well with the session not being hijacked, as it
> cross-checks the session value + IP address every time a request comes.
>
> It basically creates a new string value of (session + IP address) and stores
> it for cross-checking.
>
> The network takes a new IP every time for a single person, also for his
> every new request, and ultimately a mismatch happens, resulting in it asking
> for the password again every time.
>
> It's like every time the program reads the IP address of the system + session ID
> and creates a new string value of it and cross-checks that value with
> the value it gets at last with the incoming request for tracing the original
> session. But as in the network it takes a different IP every time, so at last
> a mismatch happens.
>
> If you want further clarification, you can ask me more.
>
> Vj

I do a lot of non-traditional session work with web services,
typically using java.util.UUID. Why do you attach the IP to your
session? If the session ID is random, what advantage is there to
trace it back to an IP or MAC address?

FWIW, version 1 UUIDs include a MAC address. Google for 'java.util.UUID
mini-FAQ' if interested.

HTH,
robert
http://www.braziloutsource.com/
 
JScoobyCed

> Here I am talking about a single person who, when he logs in through a
> network, gets the same message to give his password again and again.

Is it the expected behaviour or are you describing the problem? Be
clear. Make short sentences.

> This mechanism works well with the session not being hijacked, as it
> cross-checks the session value + IP address every time a request comes.

Don't use "hijacked" without defining your understanding of it. Session
hijack means somebody else from the network intercepts the communication
and session and uses it to log on to the system.

> It basically creates a new string value of (session + IP address) and stores
> it for cross-checking.

OK, this is clear.

> The network takes a new IP every time for a single person, also for his
> every new request.

Please explain what protocol in place is changing the IP address of the
client. Is it a mobile/PDA application that disconnects from the network
at every request?

> and ultimately a mismatch happens, resulting in it asking for the password
> again every time.

Then maybe you shouldn't be using an IP+SessionId key to retrieve the
Session. I don't know about the UUID proposed by 'iksrazal' but it
sounds like a good solution if the MAC address is used instead of the
changing IP.
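
An added example, not code from any poster in this thread: a session store (hypothetical class `PrefixBoundSessions`) that issues a random session ID and optionally pins it to the first 8, 16, 24 or 32 bits of the client address, the idea raised in the question. With 0 bits it is the plain random-ID scheme asked about above; all addresses are constructed samples.

```java
import java.net.InetAddress;
import java.security.SecureRandom;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;

public class PrefixBoundSessions {            // hypothetical name, for illustration
    private static final SecureRandom RNG = new SecureRandom();
    private final Map<String, byte[]> boundPrefix = new ConcurrentHashMap<>();
    private final int prefixBits; // 0 = ignore the address, 32 = exact IPv4 match

    PrefixBoundSessions(int prefixBits) { this.prefixBits = prefixBits; }

    // Keep the first `bits` bits of the address and zero the rest.
    static byte[] mask(byte[] addr, int bits) {
        byte[] out = new byte[addr.length];
        for (int i = 0; i < addr.length && bits > 0; i++, bits -= 8) {
            int keep = Math.min(bits, 8);
            out[i] = (byte) (addr[i] & (0xFF << (8 - keep)));
        }
        return out;
    }

    // The ID is 128 random bits; the address prefix is stored server-side, never in the ID.
    String login(InetAddress client) {
        byte[] raw = new byte[16];
        RNG.nextBytes(raw);
        String id = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        boundPrefix.put(id, mask(client.getAddress(), prefixBits));
        return id;
    }

    // Valid only if the ID is known and the caller's masked address matches the stored one.
    boolean isValid(String id, InetAddress client) {
        byte[] expected = boundPrefix.get(id);
        return expected != null && Arrays.equals(expected, mask(client.getAddress(), prefixBits));
    }

    public static void main(String[] args) throws Exception {
        InetAddress first = InetAddress.getByName("192.168.11.10");   // constructed sample
        InetAddress sameNet = InetAddress.getByName("192.168.11.77"); // shares the first 24 bits
        InetAddress otherNet = InetAddress.getByName("192.168.42.5"); // shares only the first 16 bits
        for (int bits : new int[] {32, 24, 16, 0}) {
            PrefixBoundSessions s = new PrefixBoundSessions(bits);
            String id = s.login(first);
            System.out.printf("/%d same-net=%b other-net=%b unknown-id=%b%n", bits,
                s.isValid(id, sameNet), s.isValid(id, otherNet), s.isValid("guess", first));
        }
    }
}
```

A shorter prefix tolerates more address churn but also accepts a stolen ID from a larger part of the network, so the unguessable ID carries the security either way. A client MAC address is not usable as a binding on a web server, because it is not carried beyond the local link.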
 
