This code prevents session hijacking. It compares the ip number of the creator with that of the user of the session. If they don’t match it gives an error.
BTW $sid is my session variable.
session_start();
if(!isset($sid) || empty($sid))
{
$sess_addr = $REMOTE_ADDR;
session_register(sess_addr);
}
elseif($sess_addr != $REMOTE_ADDR)
{
echo "This sessions has been hijacked.";
extt;
}
