Giters

hiqdev / session-keeper

Session token theft detection

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

hacktoberfest

Session Keeper

Session token theft detection

Latest Stable Version Total Downloads Build Status Scrutinizer Code Coverage Scrutinizer Code Quality

This package provides small library for token theft detection.

Installation

The preferred way to install this library is through composer.

Either run

php composer.phar require "hiqdev/session-keeper"

or add

"hiqdev/session-keeper": "*"

to the require section of your composer.json.

Idea

  • Save for every session:
    • is it secure (user chooses)
    • browser fingerprint
    • IP address
  • Session can be revalidated by
    • current fingerprint
    • IP address
  • Conditions:
    • changed fingerprint - kill session, must relogin
    • changed IP:
      • the IP is secure - ok
      • the IP is unknown - kill session, must relogin

License

This project is released under the terms of the MIT license. Read more here.

Copyright © 2019, HiQDev (http://hiqdev.com/)

About

Session token theft detection

hacktoberfest

License:MIT License

Languages

Language:PHP 90.6%Language:Gherkin 9.4%