Research Article
Assessment of Secure OpenID-Based DAAA Protocol for Avoiding Session Hijacking in Web Applications
| session_start(); | | //error_reporting(E_PARSE); | | $error = “0”; | | // Default space so that height of page does not shrink | | if(isset($_REQUEST[“userurl”]) && | | isset($_REQUEST[“sas”]) && isset($_REQUEST[“ssp”]) | | && isset($_REQUEST[“checkauth”]) && | | isset($_REQUEST[“token”])) | | if ($_SESSION[“reverse_token”] == | | $_REQUEST[“token”] && $_REQUEST[“checkauth”] == | | “1”) | | //Put Values in Session | | $_SESSION[“token”] = | | $_REQUEST[“token”]; | | $_SESSION[“SAS”] = | | $_REQUEST[“sas”]; | | $_SESSION[“SSP”] = | | $_REQUEST[“ssp”]; | | $_SESSION[“userURL”] = | | $_REQUEST[“userurl”]; | | } | | | elseif(isset($_REQUEST[“userurl”]) && | | isset($_REQUEST[“usas”]) && isset($_REQUEST[“ussp”]) | | && isset($_REQUEST[“login”]) && | | isset($_REQUEST[“token”])) | | if ($_SESSION[“reverse_token”] == | | $_REQUEST[“token”] && $_REQUEST[“sas_ssp”] == “1”) | | | if ($_REQUEST[“usas”] != | | $_SESSION[“SAS”]) | | $error = “Invalid 2nd SAS | | Authentication”; | | } | | elseif ($_REQUEST[“ussp”] != | | $_SESSION[“SSP”]) | | $error = “Invalid 3rd SSP | | Authentication”; | | } | | else | | unset($_SESSION[“SAS”]); | | unset($_SESSION[“SSP”]); | | $_SESSION[“isLoggedIn_oid”]=1; | | // Session Variable | | $_SESSION[“sessid_oid”] = | | session_id(); | | header(“location: home.php”); | | } | | } | | } |
|
