191
Secure Session Management
Detecting Session Tampering
Two methods for detecting session tampering, that is, for checking whether a session ID
is coming from the legitimate user and has not been stolen, are to check the IP address
of the user and to check the browser identification string the user's browser sends,
which the server sees as the HTTP_USER_AGENT variable (the User-Agent request header).
IP address checking is unreliable because a user's address can legitimately change without
the user knowing it: dynamic address assignment, routers, proxies, and firewalls can change
it at any time, and such a change does not by itself constitute theft or tampering. User agent
checking is more reliable, as this information does not change dynamically; usually only a
browser upgrade causes the agent string to change. That is the method recommended here.
Keep in mind that the User-Agent header is supplied by the client, so an attacker who captured
the session ID together with the rest of the request can replay the same header; the check
raises the bar for session hijacking but is a supplementary defense, not a substitute for
protecting the session ID itself.
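The following is an added example of the user agent check described above; it is not code from the book. It assumes a server-side session store (modelled here as an in-memory dictionary named SESSIONS, a stand-in for whatever database or cache a real application uses) and hypothetical helper names. The agent string is recorded as a hash when the session is created and compared on every later request; on a mismatch the session is destroyed, so the stolen ID stops working for the attacker and the legitimate user alike. In PHP the same input is available as $_SERVER['HTTP_USER_AGENT'].

```python
import hashlib
import hmac
import secrets

# Hypothetical server-side session store: session ID -> session data.
# A real application would keep this in a database or cache.
SESSIONS = {}


def fingerprint(user_agent):
    """Hash the User-Agent so only a fixed-size digest is stored and compared.

    A missing header is treated as the empty string so that "no header at
    session creation" and "no header on a later request" compare as equal.
    """
    text = user_agent or ""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def create_session(user_agent, username):
    """Start a session and record the fingerprint of the creating browser."""
    sid = secrets.token_urlsafe(32)  # unpredictable session ID
    SESSIONS[sid] = {
        "user": username,
        "ua_fingerprint": fingerprint(user_agent),
    }
    return sid


def validate_session(sid, user_agent):
    """Return True only if the session exists and the request's User-Agent
    matches the one recorded at creation.

    On a mismatch the session is destroyed: the request is treated as a
    hijack attempt and the session ID becomes worthless for everyone.
    """
    data = SESSIONS.get(sid)
    if data is None:
        return False
    if not hmac.compare_digest(data["ua_fingerprint"], fingerprint(user_agent)):
        SESSIONS.pop(sid, None)
        return False
    return True


# Constructed sample requests (not captured traffic).
UA_VICTIM = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/115.0"
UA_ATTACKER = "curl/8.4.0"


def run_demo():
    """Walk through the three interesting cases and return their outcomes:
    legitimate request, request with a stolen ID from a different agent,
    and the legitimate user's next request after the session was destroyed.
    """
    sid = create_session(UA_VICTIM, "alice")
    legitimate = validate_session(sid, UA_VICTIM)   # True
    hijacked = validate_session(sid, UA_ATTACKER)   # False, session destroyed
    after = validate_session(sid, UA_VICTIM)        # False, session is gone
    return legitimate, hijacked, after


if __name__ == "__main__":
    print(run_demo())  # (True, False, False)
```

Destroying the session on mismatch means a legitimate browser upgrade mid-session forces a fresh login, which is the trade-off the text accepts in exchange for not leaving a hijacked session alive.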
User Agent Validation
Tracking user ag