SessionGuard

Summary: Protects against Session Theft (whatever that is)
Version: 2.2
Prerequisites: AuthUser
Status: Working
Maintainer: GNUZoo & Sven
Categories: Security
Discussion: SessionGuard-Talk?

Questions answered by this recipe

Can I make my wiki more secure?

Description

This recipe makes a wiki more secure by binding each session to the IP address (subnet) it started from and to the browser name. An attacker would have to fake both in order to steal a session. It is a good fit if people log in (for example with AuthUser) or use a password to change your wiki.
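
The binding described above can be sketched as follows. This is an added example, not the code in SessionGuard.php; the function names, the `sg_fp` session key and the choice of a /24 (IPv4) or /64 (IPv6) prefix for "subnet" are assumptions, and the sample requests are constructed.

```php
<?php
// Added illustration only; NOT the code shipped in SessionGuard.php.
// Assumption: "subnet" means the IPv4 /24 (or IPv6 /64) of the client address.

// Reduce an address to its network prefix so that address changes inside
// one subnet do not invalidate the session.
function sg_subnet(string $ip): string {
    $raw = @inet_pton($ip);
    if ($raw === false) return 'invalid';
    $keep = strlen($raw) === 4 ? 3 : 8;      // 3 bytes = /24, 8 bytes = /64
    return bin2hex(substr($raw, 0, $keep));
}

// Fingerprint = hash over subnet + browser name (User-Agent header).
function sg_fingerprint(string $ip, string $userAgent): string {
    return hash('sha256', sg_subnet($ip) . "\0" . $userAgent);
}

// First request: record the fingerprint. Later requests: compare.
// Returns true when the request may keep using the session.
function sg_check(array &$session, string $ip, string $userAgent): bool {
    $now = sg_fingerprint($ip, $userAgent);
    if (!isset($session['sg_fp'])) {
        $session['sg_fp'] = $now;
        return true;
    }
    return hash_equals($session['sg_fp'], $now);
}

// Constructed sample requests (documentation address ranges).
$session = [];
$ua = 'Mozilla/5.0 (X11; Linux x86_64) ExampleBrowser/1.0';
$requests = [
    ['198.51.100.10', $ua],                 // login: fingerprint stored
    ['198.51.100.77', $ua],                 // same /24, same browser: allowed
    ['203.0.113.5',   $ua],                 // other subnet: rejected
    ['198.51.100.10', 'OtherBrowser/2.0'],  // other browser name: rejected
];
foreach ($requests as [$ip, $agent]) {
    $ok = sg_check($session, $ip, $agent);
    printf("%-15s %-20.20s %s\n", $ip, $agent, $ok ? 'ok' : 'mismatch');
}
```

In a live wiki a mismatch would end with `session_destroy()` and a redirect to Site.InvalidLoginInformation. The User-Agent header is chosen by the client and users whose address moves between subnets will be logged out, so this binding complements HTTPS and secure cookie flags rather than replacing them.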

Installation

There are 2 steps to installing SessionGuard.

Step 1

Create a page called "Site.InvalidLoginInformation". You can customize this page any way you want.
Someone might put:
(:notitle:)
!!Your login information seems to be invalid.

Technical details: Your session ID seems to belong to another user.

Return to [[Main/HomePage|Home]].
In mine I put:
(:redirect Main.HomePage:)

Step 2

Copy SessionGuard.php to your cookbook directory.
If you are using AuthUser, place this before it in your config.php:
require("cookbook/SessionGuard.php");
or in your farmconfig.php enter:
require("$FarmD/cookbook/SessionGuard.php");

Notes

Use "require" and not "include" - "For security stuff, always require."

Release Notes

This program is free software. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation http://www.fsf.org either version 2 of the License, or (at your option) any later version.

Copyright 2007 by GNUZoo email: guru [snail] gnuzoo [period] org

Please donate to the author at url: http://gnuzoo.org/GNUZooPayPal

  • Version 2.2 - Change pagename reference Site.SuspicionOfSessionTheft to Site.InvalidLoginInformation
  • Version 2.1 - added "if (!defined('PmWiki')) exit();"
  • Version 2.0 - renamed - old LoginGuard obsolete
  • Version 1.0 - Initial Release

See Also

Contributors

GNUZoo created and maintains recipe

Sven created initial code

Comments

See Discussion at SessionGuard-Talk?

Page last modified on October 29, 2013, at 10:34 PM