Thanks Brent. Well, to be honest, I didn't test it as a solution, but I read about it in many articles; the idea seems to solve the problem. In fact, some solutions tend to use the IP address and the User-Agent of the client.
I recently started studying cyber security, and I can tell you that nothing, and I mean literally NOTHING, is unhackable (IP addresses can be spoofed).
It's simply about trying to make things safer, harder to break through.
I'm a software engineer who likes to write articles, road or mountain bike, test gravity, and write code!
I write engineering or opinion articles to help educate others.
Thanks for the honest reply. I honestly think that rotating the session often and logging IPs/user-agents/domains is the best way to prevent piggybacking or session hijacking. IP addresses and domains can be faked; however, over the open web this can be quite difficult (in peer-to-peer communications such as APIs). Rotating would invalidate any stolen sessions before they could be used. The IP logging could be used to determine if access is coming from an unknown address and trigger a 2FA response. The domain would be useful for API-based authentication (peer to peer).
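The policy sketched in the reply above, as an added example that is not code from the thread or from either commenter: a small in-memory session store that rotates the session id on a fixed interval, binds each session to a hash of the User-Agent, keeps the set of IPs it has been used from, and reports when a request arrives from an address it has not seen so the caller can demand a second factor. The timing constants, the in-memory store, the `touch`/`confirm_step_up` names and the sample addresses are all assumptions made for the example; a real deployment would keep the store in Redis or a database and tune the intervals to its own risk appetite.

```python
import hashlib
import secrets
import time
from dataclasses import dataclass, field

# Policy knobs (assumed values for the example, not taken from the thread).
ROTATE_AFTER = 300     # reissue the session id after 5 minutes of use
MAX_IDLE = 1800        # drop a session that has been idle for 30 minutes


def fingerprint(user_agent: str) -> str:
    """Hash the User-Agent so the store never holds the raw header."""
    return hashlib.sha256(user_agent.encode("utf-8")).hexdigest()


@dataclass
class Session:
    user_id: str
    ua_hash: str
    issued_at: float          # when the current id was minted
    last_seen: float
    known_ips: set = field(default_factory=set)


class SessionStore:
    """In-memory store; the clock is injectable so the policy can be tested."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._sessions: dict[str, Session] = {}

    def create(self, user_id: str, ip: str, user_agent: str) -> str:
        now = self._clock()
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = Session(user_id, fingerprint(user_agent), now, now, {ip})
        return sid

    def touch(self, sid: str, ip: str, user_agent: str) -> dict:
        """Validate a presented session id and apply the rotation / step-up policy.

        Returns a dict with:
          ok               -> whether the request may proceed
          session_id       -> id to set on the response (a new one after rotation)
          step_up_required -> True when the IP has not been seen on this session
          reason           -> why the request was rejected, if it was
        """
        now = self._clock()
        sess = self._sessions.get(sid)
        if sess is None:
            return self._reject("unknown_session")
        if now - sess.last_seen > MAX_IDLE:
            del self._sessions[sid]
            return self._reject("expired")
        if sess.ua_hash != fingerprint(user_agent):
            # A cookie replayed from a different client: kill the session outright.
            del self._sessions[sid]
            return self._reject("user_agent_mismatch")
        if ip not in sess.known_ips:
            # Unknown address: keep the session but refuse to serve the request
            # until the caller has passed a second factor (see confirm_step_up).
            return {"ok": False, "session_id": sid,
                    "step_up_required": True, "reason": "new_ip"}

        sess.last_seen = now
        if now - sess.issued_at >= ROTATE_AFTER:
            sid = self._rotate(sid, sess)
        return {"ok": True, "session_id": sid, "step_up_required": False, "reason": ""}

    def confirm_step_up(self, sid: str, ip: str) -> str:
        """Called once 2FA succeeds: trust the new IP and rotate the id so any
        copy of the cookie taken before the challenge is useless."""
        sess = self._sessions[sid]
        sess.known_ips.add(ip)
        sess.last_seen = self._clock()
        return self._rotate(sid, sess)

    def is_live(self, sid: str) -> bool:
        return sid in self._sessions

    def _rotate(self, old_sid: str, sess: Session) -> str:
        new_sid = secrets.token_urlsafe(32)
        sess.issued_at = self._clock()
        self._sessions[new_sid] = sess
        del self._sessions[old_sid]     # the old id stops working immediately
        return new_sid

    @staticmethod
    def _reject(reason: str) -> dict:
        return {"ok": False, "session_id": None, "step_up_required": False, "reason": reason}


if __name__ == "__main__":
    # Constructed sample traffic (documentation-range addresses).
    store = SessionStore()
    ua = "Mozilla/5.0 (X11; Linux)"
    sid = store.create("alice", "203.0.113.5", ua)
    print(store.touch(sid, "203.0.113.5", ua))       # ok, same id
    print(store.touch(sid, "198.51.100.9", ua))      # step_up_required
    print(store.touch(sid, "203.0.113.5", "curl/8.0"))  # user_agent_mismatch
```

Two caveats follow from the thread itself: because the IP check only triggers a step-up rather than a hard rejection, a user behind a carrier NAT or a changing VPN egress is inconvenienced, not locked out, while a User-Agent mismatch is treated as a hard failure since a legitimate client almost never changes it mid-session. Rotation on every request would be stricter still, but it races with concurrent requests from the same browser; a fixed interval with the old id invalidated immediately is the usual compromise.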