I'm building a financial services web application and my company wants to incorporate Facebook authentication into it. Because we're in the finance world, security is paramount. I'm using the Facebook PHP SDK for integration, but I'm really concerned about session hijacking. In my college days I would session hijack the crap out of everyone around me (which was great fun), but I'm trying to find a way to prevent this with my application.

My company wants the authentication process as streamlined as possible, so that means something like two-factor authentication is not desirable. But prompting the user for another piece of information AFTER Facebook login seems to be the most secure way of doing it. I'm wondering if any of you clever people can come up with some other way of securing this while keeping the entire process simple and quick?