Hello,
I am currently making something in PHP, and I have a login and it works with sessions. I saw an attack called 'Session Hijacking', so I'll ask you if this is vulnerable to 'Session Hijacking'.
So, I check if the username & password are equal to the username & password in the database; if yes, it sets $_SESSION['username'] = $username and $_SESSION['AdminID'] = 1.
PHP Code:
<?php
$username = mysql_real_escape_string($_POST['username']);
....
if ($row > 0) {
    // Credentials matched a database row: mark the session as logged in.
    $_SESSION['username'] = $username;
    $_SESSION['AdminID'] = 1;
}
?>
Now in another file I check the sessions:
PHP Code:
<?php
// $_SESSION is only populated after session_start() has been called.
session_start();
if (!empty($_SESSION['username']) and $_SESSION['AdminID'] == 1) {
    echo "Logged in!";
} else {
    echo "Not logged in!";
}
?>
Thanks in advance, k0d3.
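
The snippets in the post set and check session variables but show no cookie flags, session ID regeneration or idle timeout, which are the usual controls against session hijacking and fixation. The following is an added example, not part of the original post: the function names, the `last_seen` key and the 30-minute timeout are assumptions, and the array form of `session_set_cookie_params()` needs PHP 7.3 or later.

```php
<?php
// Added example: hardened variant of the session handling in the post.
// Function names, 'last_seen' and the timeout value are assumptions.

const IDLE_TIMEOUT = 1800; // seconds; assumed value

function start_secure_session(): void
{
    // Reject session IDs the server did not issue (limits session fixation).
    ini_set('session.use_strict_mode', '1');
    // Accept the session ID from the cookie only, never from the URL.
    ini_set('session.use_only_cookies', '1');
    session_set_cookie_params([
        'lifetime' => 0,        // cookie ends with the browser session
        'path'     => '/',
        'secure'   => true,     // sent over HTTPS only
        'httponly' => true,     // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();
}

// Call this where the post sets $_SESSION after the password check succeeds.
function on_login_success(string $username): void
{
    // New ID at the privilege change; true deletes the old session data.
    session_regenerate_id(true);
    $_SESSION['username']  = $username;
    $_SESSION['AdminID']   = 1;
    $_SESSION['last_seen'] = time();
}

// Replacement for the check in the second file.
function is_logged_in(): bool
{
    if (empty($_SESSION['username']) || ($_SESSION['AdminID'] ?? 0) !== 1) {
        return false;
    }
    if (time() - ($_SESSION['last_seen'] ?? 0) > IDLE_TIMEOUT) {
        // Idle too long: drop the server-side state.
        $_SESSION = [];
        session_destroy();
        return false;
    }
    $_SESSION['last_seen'] = time();
    return true;
}

start_secure_session();
echo is_logged_in() ? "Logged in!" : "Not logged in!";
```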