I'm a software engineer who likes to write articles, road or mountain bike, test gravity, and write code!
I write engineering or opinion articles to help educate others.
Location
Dallas, TX
Education
Software Engineering @ Western Governors University
Thanks for the honest reply. I honestly think that rotating the session often and logging IP's/user-agents/domains is the best way to prevent piggybacking or session hijacking. Ip addresses and domains can be faked. However, over the open web this can be quite difficult (in peer to peer communications such as API's). Rotating would invalidate any stolen sessions before they could be used. The IP logging could be used to determine if access is coming from an unknown address and trigger a 2FA response. The domain would be useful for API based authentication (peer to peer).
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Thanks for the honest reply. I honestly think that rotating the session often and logging IP's/user-agents/domains is the best way to prevent piggybacking or session hijacking. Ip addresses and domains can be faked. However, over the open web this can be quite difficult (in peer to peer communications such as API's). Rotating would invalidate any stolen sessions before they could be used. The IP logging could be used to determine if access is coming from an unknown address and trigger a 2FA response. The domain would be useful for API based authentication (peer to peer).