Secure Development for Mobile Apps

by J. D. Glaser
October 2014
Content level: Intermediate to advanced
472 pages
10h 44m
English
Auerbach Publications
Content preview from Secure Development for Mobile Apps
Secure Session Management
Detecting Session Tampering
Two methods for detecting session tampering, that is, for checking that a session ID is
coming from a legitimate user and has not been stolen, are to check the user's IP address
and to check the information sent by the user's browser, called the
HTTP_USER_AGENT.
IP address checking is unreliable because the address can legitimately change without the
user knowing it: dynamic routers, proxies, and firewalls can change it at any
time. This does not constitute theft or tampering. User agent checking is more reliable,
as this information does not change dynamically. Usually only a browser upgrade
causes the agent information to change. This is the method recommended here.
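
One way to apply the user agent check described above, as an added example (not code from the book): the session ID is bound to a keyed hash of HTTP_USER_AGENT when the session is created and compared on every request, while an IP address change is only recorded. The names `SessionStore`, `ua_fingerprint` and `SERVER_KEY`, the WSGI-style `environ` dict and the sample requests are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

# Constructed server-side key for the demo; a real deployment loads it from secret storage.
SERVER_KEY = secrets.token_bytes(32)

def ua_fingerprint(environ):
    """Keyed hash of the HTTP_USER_AGENT value, so the raw header is not stored."""
    agent = environ.get("HTTP_USER_AGENT", "")
    return hmac.new(SERVER_KEY, agent.encode("utf-8"), hashlib.sha256).hexdigest()

class SessionStore:
    def __init__(self):
        self._sessions = {}  # session ID -> {"ua": fingerprint, "ip": last seen IP, "data": {}}

    def create(self, environ):
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"ua": ua_fingerprint(environ),
                               "ip": environ.get("REMOTE_ADDR"), "data": {}}
        return sid

    def validate(self, sid, environ):
        """Return (ok, reason). A user agent mismatch destroys the session."""
        record = self._sessions.get(sid)
        if record is None:
            return False, "unknown-session"
        if not hmac.compare_digest(record["ua"], ua_fingerprint(environ)):
            del self._sessions[sid]  # force re-authentication
            return False, "user-agent-mismatch"
        if record["ip"] != environ.get("REMOTE_ADDR"):
            record["ip"] = environ.get("REMOTE_ADDR")  # IP change is legitimate; only note it
            return True, "ip-changed"
        return True, "ok"

def demo():
    # Constructed requests (documentation-range IPs, made-up agent strings).
    login = {"HTTP_USER_AGENT": "ExampleBrowser/1.0 (Mobile)", "REMOTE_ADDR": "192.0.2.10"}
    roaming = dict(login, REMOTE_ADDR="198.51.100.7")
    other = {"HTTP_USER_AGENT": "OtherClient/9.9", "REMOTE_ADDR": "203.0.113.5"}
    store = SessionStore()
    sid = store.create(login)
    return [store.validate(sid, login), store.validate(sid, roaming),
            store.validate(sid, other), store.validate(sid, login)]

if __name__ == "__main__":
    for result in demo():
        print(result)
```

HTTP_USER_AGENT is a client-supplied header, so treat a mismatch as a tamper signal that forces re-authentication, and a match as one check among the session's other protections.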
User Agent Validation
Tracking user ag

ISBN: 9781482209037