
I'm working on a web app that accepts only social logins as authentication (Facebook and Google for now). I've successfully implemented the login buttons following each site's instructions, and I use the email address associated with the service as their unique identifier and store it in PHP's $_SESSION variable to navigate through pages.

My question is whether or not I can assume there will be no vulnerabilities if I follow Facebook's and Google's implementation guidelines. I assume using SSL to prevent man-in-the-middle attacks is a must. What else can I do, or avoid, in order to securely handle each user's login and session?

Thank you for your suggestions.

lipusal

1 Answer


OAuth is in itself very secure. If you have implemented this feature according to the guidelines then there should not be any problem.

Apart from that, you just have to make sure that you handle user data safely, validate and sanitize it properly. Also store your session data securely. Make sure you follow the guidelines to prevent session hijacking and session fixation attacks.

https://www.owasp.org/index.php/Session_fixation
https://www.owasp.org/index.php/Session_hijacking_attack

Also refer to the OWASP website to keep yourself updated regarding the latest security updates.

Abhinav
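As an added example (not code from the question or the answer), here is how the fixation and hijacking mitigations from the two OWASP pages linked above translate into PHP session handling for the social-login flow the question describes. The function names and the idle-timeout value are assumptions, and it assumes the OAuth callback has already verified the provider's response and produced `$email`.

```php
<?php
// Added example: hardened $_SESSION handling for a social-login app.
// Assumes the provider callback has already been verified and yields $email.
declare(strict_types=1);

const SESSION_IDLE_LIMIT = 1800; // seconds of inactivity before forced re-login (assumed)

function startSecureSession(): void {
    if (session_status() !== PHP_SESSION_NONE) {
        return; // already started in this request
    }
    // Reject session IDs the server never issued: the core session-fixation defence.
    ini_set('session.use_strict_mode', '1');
    // Cookie only over TLS, not readable by JavaScript, not sent on cross-site requests.
    session_set_cookie_params([
        'lifetime' => 0, 'path' => '/', 'domain' => '',
        'secure' => true, 'httponly' => true, 'samesite' => 'Lax',
    ]);
    session_start();
}

// Call once, right after the provider response has been verified.
function establishLoginSession(string $email): void {
    startSecureSession();
    // Drop any pre-login ID (possibly planted by an attacker) and delete its old data.
    session_regenerate_id(true);
    $_SESSION = ['email' => $email, 'last_activity' => time()];
}

// Call at the top of every protected page; returns the logged-in email or null.
function requireLogin(): ?string {
    startSecureSession();
    if (empty($_SESSION['email'])) {
        return null;
    }
    if (time() - ($_SESSION['last_activity'] ?? 0) > SESSION_IDLE_LIMIT) {
        logout(); // stale session: limit the window a stolen cookie stays useful
        return null;
    }
    $_SESSION['last_activity'] = time();
    return $_SESSION['email'];
}

function logout(): void {
    $_SESSION = [];
    // Expire the cookie client-side as well as destroying the server-side data.
    $p = session_get_cookie_params();
    setcookie(session_name(), '', ['expires' => time() - 42000, 'path' => $p['path'],
        'domain' => $p['domain'], 'secure' => $p['secure'],
        'httponly' => $p['httponly'], 'samesite' => $p['samesite']]);
    session_destroy();
}
```

The array forms of `session_set_cookie_params()` and `setcookie()` require PHP 7.3 or later.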