PHP: Preventing Session Hijacking with token stored as a cookie?

Question

I\'m working on an RIA in PHP. To try to prevent session hijacking I introduced a token, generated at login, based off a salt, ISO-8601 week number and the user\'s IP.

Answer 1

I have done a RIA with the same approach you have done, and I just set up SSL on the application for security. Since Flex and remoting is sessionless. I d recommend using SSL. My co worker also developed an application with user login/logout and he did the same thing.