Research Article
Assessment of Secure OpenID-Based DAAA Protocol for Avoiding Session Hijacking in Web Applications
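// Two-step login handler from the listing:
//   step 1 ("checkauth") stores the SAS / SSP values and the user URL in the session;
//   step 2 ("login") compares the user-supplied SAS / SSP with the stored ones and,
//   on success, marks the session as logged in and redirects to home.php.
// NOTE(review): brace nesting was reconstructed from a flattened listing — confirm
// against the authors' original source.
session_start();
//error_reporting(E_PARSE);

// Default space so that height of page does not shrink
$error = "0";

// Type-strict, constant-time comparison of a stored secret with a request value.
// Loose == / != treat an unset session entry (null) as equal to an empty request
// string, so a missing or empty stored value must never count as a match.
// Non-string request values (e.g. arrays) are rejected as well.
$secretMatches = function ($known, $given) {
    return is_string($known) && $known !== ''
        && is_string($given)
        && hash_equals($known, $given);
};

// "reverse_token" is set elsewhere (not visible in this listing); absent means no match.
$sessionToken = isset($_SESSION["reverse_token"]) ? $_SESSION["reverse_token"] : null;

// NOTE(review): $_REQUEST merges GET, POST and (depending on request_order) cookie
// input, so these secrets may travel in the URL and end up in logs and Referer
// headers — consider reading them from $_POST only.
if (isset($_REQUEST["userurl"]) && isset($_REQUEST["sas"]) && isset($_REQUEST["ssp"])
    && isset($_REQUEST["checkauth"]) && isset($_REQUEST["token"])) {
    // Step 1: accept the authentication values only when the request token
    // matches the token bound to this session.
    if ($secretMatches($sessionToken, $_REQUEST["token"]) && $_REQUEST["checkauth"] === "1") {
        //Put Values in Session
        // NOTE(review): SAS and SSP are taken from the same request that is being
        // authenticated; verify that only the identity provider can originate it.
        $_SESSION["token"] = $_REQUEST["token"];
        $_SESSION["SAS"] = $_REQUEST["sas"];
        $_SESSION["SSP"] = $_REQUEST["ssp"];
        $_SESSION["userURL"] = $_REQUEST["userurl"];
    }
} elseif (isset($_REQUEST["userurl"]) && isset($_REQUEST["usas"]) && isset($_REQUEST["ussp"])
    && isset($_REQUEST["login"]) && isset($_REQUEST["token"])) {
    // "sas_ssp" is not covered by the isset() chain above, so read it defensively.
    $stepFlag = isset($_REQUEST["sas_ssp"]) ? $_REQUEST["sas_ssp"] : null;

    if ($secretMatches($sessionToken, $_REQUEST["token"]) && $stepFlag === "1") {
        // Step 2: both factors must match values stored by step 1. If step 1 never
        // ran, the stored values are absent and the comparison fails closed.
        $storedSas = isset($_SESSION["SAS"]) ? $_SESSION["SAS"] : null;
        $storedSsp = isset($_SESSION["SSP"]) ? $_SESSION["SSP"] : null;

        if (!$secretMatches($storedSas, $_REQUEST["usas"])) {
            $error = "Invalid 2nd SAS Authentication";
        } elseif (!$secretMatches($storedSsp, $_REQUEST["ussp"])) {
            $error = "Invalid 3rd SSP Authentication";
        } else {
            // One-time values: remove them so they cannot be replayed in this session.
            unset($_SESSION["SAS"], $_SESSION["SSP"]);

            // Issue a fresh session id at the privilege change so an id that was
            // known before login (session fixation) is useless afterwards.
            session_regenerate_id(true);

            $_SESSION["isLoggedIn_oid"] = 1;
            // Session Variable
            $_SESSION["sessid_oid"] = session_id();

            header("location: home.php");
            // Stop here so no further page output runs after the redirect.
            exit;
        }
    }
}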