how to check if session script works right?
auriaks
12-28-2010, 02:50 PM
Hi all,
I have a php_session script with cookies and double password encryption. How can I check if the script is safe from all possible problems? (Problems such as: cookies are working OK, session started, the right user uses the session, session is destroyed perfectly and others...)
If you need the whole script, I will change some info in it and post it...
All suggestions are welcome :)
Kind regards...
djr33
12-28-2010, 09:01 PM
Trial and error. The problem is that hackers have infinite time to try to hack your site, while you only have limited time to develop it.
What you've described sounds good. The only way to continue checking it is to try to hack it yourself or imagine how someone else might. How could someone steal a session or steal a password? If you can't think of it, you're at least fairly safe.
One thing that helps: you are designing this yourself and the system is unique. That fact means that you won't have people attacking your site or knowing anything about it. This is different than a shared system like a common bulletin board, WordPress, etc. This means that the target is smaller, not that it's 100% secure, but it does help.
auriaks
12-28-2010, 09:08 PM
Do you have time to try to hack my system? :) Maybe you could try to check the main mistakes others make? PM me :D
djr33
12-28-2010, 09:33 PM
Sorry, that's not my area. I know about the theoretical ways, but not the actual methods of doing it. Seems like a good service someone could set up, though.... interesting.
Schmoopy
12-28-2010, 09:36 PM
Looks like you need the help of a whitehat. Maybe try searching for one on the interwebs, be very careful though :P
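The checks listed in the opening post (cookie settings, session started, the right user bound to the session, session fully destroyed), sketched as an added PHP example that is not the poster's script or code from any reply. The function names, the `uid` and `last_seen` keys, the 30-minute idle limit and user id 42 are assumptions.

```php
<?php
// Added example, not the poster's script. All function names are hypothetical.

// True when a boolean ini setting is enabled ("1", "On", "true", ...).
function ini_on(string $key): bool {
    return filter_var(ini_get($key), FILTER_VALIDATE_BOOLEAN);
}
// Settings that should be on; returns the ones that are off, with the reason.
function audit_session_config(): array {
    $wanted = [
        'session.use_strict_mode'  => 'server accepts session IDs it did not issue',
        'session.use_only_cookies' => 'session ID may be taken from the URL',
        'session.cookie_httponly'  => 'page scripts can read the session cookie',
        'session.cookie_secure'    => 'session cookie is sent over plain HTTP',
    ];
    return array_filter($wanted, fn($why, $key) => !ini_on($key), ARRAY_FILTER_USE_BOTH);
}
// Call right after the password check succeeds (session already started).
function login_session(int $userId): void {
    session_regenerate_id(true);      // discard the pre-login ID (session fixation)
    $_SESSION['uid'] = $userId;       // bind the session to this user
    $_SESSION['last_seen'] = time();
}
// Active session, bound to a user, and not idle longer than $maxIdle seconds?
function session_is_valid(int $maxIdle = 1800): bool {   // 1800 s is an assumed limit
    if (session_status() !== PHP_SESSION_ACTIVE || !isset($_SESSION['uid'], $_SESSION['last_seen'])
        || time() - $_SESSION['last_seen'] > $maxIdle) {
        return false;
    }
    $_SESSION['last_seen'] = time();
    return true;
}
// Logout: clear the data, expire the cookie, delete the server-side record.
function destroy_session_fully(): void {
    $_SESSION = [];
    if (ini_on('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000, $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}
// Constructed walk-through for the command line; output comes last so no
// header-dependent session call runs after text has been printed.
if (PHP_SAPI === 'cli') {
    session_start();
    login_session(42);                // 42 is a made-up user id
    $during = session_is_valid();
    destroy_session_fully();
    printf("valid after login: %s, after logout: %s\n", var_export($during, true), var_export(session_is_valid(), true));
    foreach (audit_session_config() as $key => $why) echo "WEAK $key: $why\n";
}
```

On a web server the walk-through block is skipped and only the functions are defined, so the file can be included from a login or logout page.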