كيف تحمي جلسات المستخدمين في PHP من الاختراق؟ دليل أمن الجلسات

دليل المبرمج العربي

اخر تحديث :

Secure PHP Session Management and Preventing Session Hijacking

بعد أن قمنا بتشفير كلمات المرور في المقال السابق، يأتي الآن دور تأمين "جلسة المستخدم" (Session). فبدون حماية الجلسة، يمكن للمخترق سرقة هوية المستخدم حتى لو كانت كلمة مروره مشفرة.

ما هي مخاطر الجلسات غير المحمية؟

بدون إعدادات أمان، يمكن للمهاجم سرقة ملف تعريف الارتباط (Session Cookie) وانتحال شخصية المستخدم. إليك الإعدادات الأساسية لزيادة أمان جلساتك في PHP:

الكود البرمجي لحماية الجلسة:

<?php
// تفعيل الأمان للجلسات
ini_set('session.cookie_httponly', 1); // منع الوصول للجلسة عبر JavaScript
ini_set('session.use_strict_mode', 1); // منع استخدام معرفات جلسة غير صالحة

session_start();
// إعادة إنشاء معرف الجلسة لمنع الهجمات
session_regenerate_id(true);
?>

نصيحة أمنية:

استخدم دائماً session_regenerate_id(true) عند تسجيل دخول المستخدم، فهذا يمنع هجمات تثبيت الجلسة (Session Fixation) بشكل فعال.

تعديل المقال

الأقسام PHP Programming web security

بواسطة : دليل المبرمج العربي

طالب وباحث في علوم برمجة الويب. مهتم بتطوير المواقع باستخدام PHP، أمن المعلومات، ومشاركة المعرفة التقنية عبر مدونتي 'دليل المبرمج العربي

مقالات قد تهمك

تعليقات

إرسال تعليق

window['__wavt'] = 'AEUoTZoYwZmoQWodQ64kGJRHsiDI:1782429377510';_WidgetManager._Init('//www.blogger.com/rearrange?blogID\x3d6980683343201303627','//www.syntaxar.com/2026/06/php_0873512592.html','6980683343201303627'); _WidgetManager._SetDataContext([{'name': 'blog', 'data': {'blogId': '6980683343201303627', 'title': '\u062f\u0644\u064a\u0644 \u0627\u0644\u0645\u0628\u0631\u0645\u062c \u0627\u0644\u0639\u0631\u0628\u064a', 'url': 'https://www.syntaxar.com/2026/06/php_0873512592.html', 'canonicalUrl': 'https://www.syntaxar.com/2026/06/php_0873512592.html', 'homepageUrl': 'https://www.syntaxar.com/', 'searchUrl': 'https://www.syntaxar.com/search', 'canonicalHomepageUrl': 'https://www.syntaxar.com/', 'blogspotFaviconUrl': 'https://www.syntaxar.com/favicon.ico', 'bloggerUrl': 'https://www.blogger.com', 'hasCustomDomain': true, 'httpsEnabled': true, 'enabledCommentProfileImages': true, 'gPlusViewType': 'FILTERED_POSTMOD', 'adultContent': false, 'analyticsAccountNumber': '', 'encoding': 'UTF-8', 'locale': 'ar', 'localeUnderscoreDelimited': 'ar', 'languageDirection': 'rtl', 'isPrivate': false, 'isMobile': false, 'isMobileRequest': false, 'mobileClass': '', 'isPrivateBlog': false, 'isDynamicViewsAvailable': true, 'feedLinks': '\x3clink rel\x3d\x22alternate\x22 type\x3d\x22application/atom+xml\x22 title\x3d\x22\u062f\u0644\u064a\u0644 \u0627\u0644\u0645\u0628\u0631\u0645\u062c \u0627\u0644\u0639\u0631\u0628\u064a - Atom\x22 href\x3d\x22https://www.syntaxar.com/feeds/posts/default\x22 /\x3e\n\x3clink rel\x3d\x22alternate\x22 type\x3d\x22application/rss+xml\x22 title\x3d\x22\u062f\u0644\u064a\u0644 \u0627\u0644\u0645\u0628\u0631\u0645\u062c \u0627\u0644\u0639\u0631\u0628\u064a - RSS\x22 href\x3d\x22https://www.syntaxar.com/feeds/posts/default?alt\x3drss\x22 /\x3e\n\x3clink rel\x3d\x22service.post\x22 type\x3d\x22application/atom+xml\x22 title\x3d\x22\u062f\u0644\u064a\u0644 \u0627\u0644\u0645\u0628\u0631\u0645\u062c \u0627\u0644\u0639\u0631\u0628\u064a - Atom\x22 href\x3d\x22https://www.blogger.com/feeds/6980683343201303627/posts/default\x22 /\x3e\n\n\x3clink rel\x3d\x22alternate\x22 type\x3d\x22application/atom+xml\x22 title\x3d\x22\u062f\u0644\u064a\u0644 \u0627\u0644\u0645\u0628\u0631\u0645\u062c \u0627\u0644\u0639\u0631\u0628\u064a - Atom\x22 href\x3d\x22https://www.syntaxar.com/feeds/8190038621846113274/comments/default\x22 /\x3e\n', 'meTag': '', 'adsenseHostId': 'ca-host-pub-1556223355139109', 'adsenseHasAds': false, 'adsenseAutoAds': false, 'boqCommentIframeForm': true, 'loginRedirectParam': '', 'isGoogleEverywhereLinkTooltipEnabled': true, 'view': '', 'dynamicViewsCommentsSrc': '//www.blogblog.com/dynamicviews/4224c15c4e7c9321/js/comments.js', 'dynamicViewsScriptSrc': '//www.blogblog.com/dynamicviews/ecd9ca2a5bef9569', 'plusOneApiSrc': 'https://apis.google.com/js/platform.js', 'disableGComments': true, 'interstitialAccepted': false, 'sharing': {'platforms': [{'name': '\u0627\u0644\u062d\u0635\u0648\u0644 \u0639\u0644\u0649 \u0627\u0644\u0631\u0627\u0628\u0637', 'key': 'link', 'shareMessage': '\u0627\u0644\u062d\u0635\u0648\u0644 \u0639\u0644\u0649 \u0627\u0644\u0631\u0627\u0628\u0637', 'target': ''}, {'name': 'Facebook', 'key': 'facebook', 'shareMessage': '\u0645\u0634\u0627\u0631\u0643\u0629 \u0625\u0644\u0649 Facebook', 'target': 'facebook'}, {'name': '\u0643\u062a\u0627\u0628\u0629 \u0645\u062f\u0648\u0646\u0629 \u062d\u0648\u0644 \u0647\u0630\u0647 \u0627\u0644\u0645\u0634\u0627\u0631\u0643\u0629', 'key': 'blogThis', 'shareMessage': '\u0643\u062a\u0627\u0628\u0629 \u0645\u062f\u0648\u0646\u0629 \u062d\u0648\u0644 \u0647\u0630\u0647 \u0627\u0644\u0645\u0634\u0627\u0631\u0643\u0629', 'target': 'blog'}, {'name': 'X', 'key': 'twitter', 'shareMessage': '\u0645\u0634\u0627\u0631\u0643\u0629 \u0625\u0644\u0649 X', 'target': 'twitter'}, {'name': 'Pinterest', 'key': 'pinterest', 'shareMessage': '\u0645\u0634\u0627\u0631\u0643\u0629 \u0625\u0644\u0649 Pinterest', 'target': 'pinterest'}, {'name': '\u0628\u0631\u064a\u062f \u0625\u0644\u0643\u062a\u0631\u0648\u0646\u064a', 'key': 'email', 'shareMessage': '\u0628\u0631\u064a\u062f \u0625\u0644\u0643\u062a\u0631\u0648\u0646\u064a', 'target': 'email'}], 'disableGooglePlus': true, 'googlePlusShareButtonWidth': 0, 'googlePlusBootstrap': '\x3cscript type\x3d\x22text/javascript\x22\x3ewindow.___gcfg \x3d {\x27lang\x27: \x27ar\x27};\x3c/script\x3e'}, 'hasCustomJumpLinkMessage': false, 'jumpLinkMessage': '\u0642\u0631\u0627\u0621\u0629 \u0627\u0644\u0645\u0632\u064a\u062f', 'pageType': 'item', 'postId': '8190038621846113274', 'postImageThumbnailUrl': 'https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi1kVaDrBsehgv6aeRpH6pGS7OHIQjob5A3EjNjL4KANQfHWP0mmfeKImPWHZmorIrfZTfQuOsQwK460o4w4b9P355ZHp9eh_G0eyeZZvQjDjkmfVqPh9I8y91jZvP99YAgCxCVu8bPycfSuPegGQdf_EWEq-Lr9TK71rLBljcW1dAyL0p-OdDTd4TpbSEO/s72-c/1000182431.png', 'postImageUrl': 'https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi1kVaDrBsehgv6aeRpH6pGS7OHIQjob5A3EjNjL4KANQfHWP0mmfeKImPWHZmorIrfZTfQuOsQwK460o4w4b9P355ZHp9eh_G0eyeZZvQjDjkmfVqPh9I8y91jZvP99YAgCxCVu8bPycfSuPegGQdf_EWEq-Lr9TK71rLBljcW1dAyL0p-OdDTd4TpbSEO/s1600/1000182431.png', 'pageName': '\u0643\u064a\u0641 \u062a\u062d\u0645\u064a \u062c\u0644\u0633\u0627\u062a \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645\u064a\u0646 \u0641\u064a PHP \u0645\u0646 \u0627\u0644\u0627\u062e\u062a\u0631\u0627\u0642\u061f \u062f\u0644\u064a\u0644 \u0623\u0645\u0646 \u0627\u0644\u062c\u0644\u0633\u0627\u062a', 'pageTitle': '\u062f\u0644\u064a\u0644 \u0627\u0644\u0645\u0628\u0631\u0645\u062c \u0627\u0644\u0639\u0631\u0628\u064a: \u0643\u064a\u0641 \u062a\u062d\u0645\u064a \u062c\u0644\u0633\u0627\u062a \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645\u064a\u0646 \u0641\u064a PHP \u0645\u0646 \u0627\u0644\u0627\u062e\u062a\u0631\u0627\u0642\u061f \u062f\u0644\u064a\u0644 \u0623\u0645\u0646 \u0627\u0644\u062c\u0644\u0633\u0627\u062a', 'metaDescription': '\u062a\u0639\u0644\u0645 \u0643\u064a\u0641\u064a\u0629 \u062d\u0645\u0627\u064a\u0629 \u062c\u0644\u0633\u0627\u062a \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645\u064a\u0646 \u0641\u064a PHP \u0648\u0645\u0646\u0639 \u0627\u062e\u062a\u0637\u0627\u0641 \u0627\u0644\u062c\u0644\u0633\u0627\u062a (Session Hijacking) \u0628\u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0625\u0639\u062f\u0627\u062f\u0627\u062a PHP \u0627\u0644\u0623\u0645\u0646\u064a\u0629 \u0648 session_regenerate_id'}}, {'name': 'features', 'data': {}}, {'name': 'messages', 'data': {'edit': '\u062a\u0639\u062f\u064a\u0644', 'linkCopiedToClipboard': '\u062a\u0645 \u0646\u0633\u062e \u0627\u0644\u0631\u0627\u0628\u0637 \u0625\u0644\u0649 \u0627\u0644\u062d\u0627\u0641\u0638\u0629', 'ok': '\u062d\u0633\u0646\u064b\u0627', 'postLink': '\u0631\u0627\u0628\u0637 \u0627\u0644\u0645\u0634\u0627\u0631\u0643\u0629'}}, {'name': 'template', 'data': {'name': 'custom', 'localizedName': '\u0645\u062e\u0635\u0635', 'isResponsive': true, 'isAlternateRendering': false, 'isCustom': true}}, {'name': 'view', 'data': {'classic': {'name': 'classic', 'url': '?view\x3dclassic'}, 'flipcard': {'name': 'flipcard', 'url': '?view\x3dflipcard'}, 'magazine': {'name': 'magazine', 'url': '?view\x3dmagazine'}, 'mosaic': {'name': 'mosaic', 'url': '?view\x3dmosaic'}, 'sidebar': {'name': 'sidebar', 'url': '?view\x3dsidebar'}, 'snapshot': {'name': 'snapshot', 'url': '?view\x3dsnapshot'}, 'timeslide': {'name': 'timeslide', 'url': '?view\x3dtimeslide'}, 'isMobile': false, 'title': '\u0643\u064a\u0641 \u062a\u062d\u0645\u064a \u062c\u0644\u0633\u0627\u062a \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645\u064a\u0646 \u0641\u064a PHP \u0645\u0646 \u0627\u0644\u0627\u062e\u062a\u0631\u0627\u0642\u061f \u062f\u0644\u064a\u0644 \u0623\u0645\u0646 \u0627\u0644\u062c\u0644\u0633\u0627\u062a', 'description': '\u062a\u0639\u0644\u0645 \u0643\u064a\u0641\u064a\u0629 \u062d\u0645\u0627\u064a\u0629 \u062c\u0644\u0633\u0627\u062a \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645\u064a\u0646 \u0641\u064a PHP \u0648\u0645\u0646\u0639 \u0627\u062e\u062a\u0637\u0627\u0641 \u0627\u0644\u062c\u0644\u0633\u0627\u062a (Session Hijacking) \u0628\u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0625\u0639\u062f\u0627\u062f\u0627\u062a PHP \u0627\u0644\u0623\u0645\u0646\u064a\u0629 \u0648 session_regenerate_id', 'featuredImage': 'https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi1kVaDrBsehgv6aeRpH6pGS7OHIQjob5A3EjNjL4KANQfHWP0mmfeKImPWHZmorIrfZTfQuOsQwK460o4w4b9P355ZHp9eh_G0eyeZZvQjDjkmfVqPh9I8y91jZvP99YAgCxCVu8bPycfSuPegGQdf_EWEq-Lr9TK71rLBljcW1dAyL0p-OdDTd4TpbSEO/s1600/1000182431.png', 'url': 'https://www.syntaxar.com/2026/06/php_0873512592.html', 'type': 'item', 'isSingleItem': true, 'isMultipleItems': false, 'isError': false, 'isPage': false, 'isPost': true, 'isHomepage': false, 'isArchive': false, 'isLabelSearch': false, 'postId': 8190038621846113274}}, {'name': 'widgets', 'data': [{'title': '\u062f\u0644\u064a\u0644 \u0627\u0644\u0645\u0628\u0631\u0645\u062c \u0627\u0644\u0639\u0631\u0628\u064a (\u0631\u0623\u0633 \u0627\u0644\u0635\u0641\u062d\u0629)', 'type': 'Header', 'sectionId': 'logo', 'id': 'Header1'}, {'title': '\u0627\u0644\u0635\u0641\u062d\u0627\u062a', 'type': 'PageList', 'sectionId': 'pages', 'id': 'PageList1'}, {'title': '\u0628\u062d\u062b ...', 'type': 'BlogSearch', 'sectionId': 'searchform', 'id': 'BlogSearch2'}, {'title': '\u0646\u0645\u0648\u0630\u062c \u0627\u0644\u0627\u062a\u0635\u0627\u0644', 'type': 'ContactForm', 'sectionId': 'AddOns', 'id': 'ContactForm200'}, {'title': '\u0631\u0633\u0627\u0626\u0644 \u0627\u0644\u0645\u062f\u0648\u0646\u0629 \u0627\u0644\u0625\u0644\u0643\u062a\u0631\u0648\u0646\u064a\u0629', 'type': 'Blog', 'sectionId': 'Tempnec', 'id': 'Blog1', 'posts': [{'id': '8190038621846113274', 'title': '\u0643\u064a\u0641 \u062a\u062d\u0645\u064a \u062c\u0644\u0633\u0627\u062a \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645\u064a\u0646 \u0641\u064a PHP \u0645\u0646 \u0627\u0644\u0627\u062e\u062a\u0631\u0627\u0642\u061f \u062f\u0644\u064a\u0644 \u0623\u0645\u0646 \u0627\u0644\u062c\u0644\u0633\u0627\u062a', 'featuredImage': 'https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi1kVaDrBsehgv6aeRpH6pGS7OHIQjob5A3EjNjL4KANQfHWP0mmfeKImPWHZmorIrfZTfQuOsQwK460o4w4b9P355ZHp9eh_G0eyeZZvQjDjkmfVqPh9I8y91jZvP99YAgCxCVu8bPycfSuPegGQdf_EWEq-Lr9TK71rLBljcW1dAyL0p-OdDTd4TpbSEO/s1600/1000182431.png', 'showInlineAds': false}], 'headerByline': {'regionName': 'header1', 'items': [{'name': 'author', 'label': '\u0643\u062a\u0628:'}, {'name': 'timestamp', 'label': '-'}]}, 'footerBylines': [{'regionName': 'footer1', 'items': [{'name': 'share', 'label': ''}, {'name': 'comments', 'label': 'comments'}, {'name': 'icons', 'label': ''}]}, {'regionName': 'footer2', 'items': [{'name': 'labels', 'label': ''}]}], 'allBylineItems': [{'name': 'author', 'label': '\u0643\u062a\u0628:'}, {'name': 'timestamp', 'label': '-'}, {'name': 'share', 'label': ''}, {'name': 'comments', 'label': 'comments'}, {'name': 'icons', 'label': ''}, {'name': 'labels', 'label': ''}]}]}]); _WidgetManager._RegisterWidget('_HeaderView', new _WidgetInfo('Header1', 'logo', document.getElementById('Header1'), {}, 'displayModeFull')); _WidgetManager._RegisterWidget('_PageListView', new _WidgetInfo('PageList1', 'pages', document.getElementById('PageList1'), {'title': '\u0627\u0644\u0635\u0641\u062d\u0627\u062a', 'links': [{'isCurrentPage': false, 'href': 'https://www.syntaxar.com/p/about-me.html', 'id': '817387528044754745', 'title': '\u0645\u0646 \u0646\u062d\u0646 '}, {'isCurrentPage': false, 'href': 'https://www.syntaxar.com/p/blog-page.html', 'id': '1162057120544225356', 'title': '\u0627\u062a\u0635\u0644 \u0628\u0646\u0627'}, {'isCurrentPage': false, 'href': 'https://www.syntaxar.com/p/blog-page_20.html', 'id': '6958785218076754725', 'title': '\u0633\u064a\u0627\u0633\u0629 \u0627\u0644\u062e\u0635\u0648\u0635\u064a\u0629'}], 'mobile': false, 'showPlaceholder': true, 'hasCurrentPage': false}, 'displayModeFull')); _WidgetManager._RegisterWidget('_BlogSearchView', new _WidgetInfo('BlogSearch2', 'searchform', document.getElementById('BlogSearch2'), {}, 'displayModeFull')); _WidgetManager._RegisterWidget('_ContactFormView', new _WidgetInfo('ContactForm200', 'AddOns', document.getElementById('ContactForm200'), {'contactFormMessageSendingMsg': '\u062c\u0627\u0631\u064d \u0627\u0644\u0625\u0631\u0633\u0627\u0644...', 'contactFormMessageSentMsg': '\u062a\u0645 \u0625\u0631\u0633\u0627\u0644 \u0631\u0633\u0627\u0644\u062a\u0643.', 'contactFormMessageNotSentMsg': '\u062a\u0639\u0630\u0631 \u0625\u0631\u0633\u0627\u0644 \u0627\u0644\u0631\u0633\u0627\u0644\u0629\u060c \u064a\u0631\u062c\u0649 \u0627\u0644\u0645\u062d\u0627\u0648\u0644\u0629 \u0645\u0631\u0629 \u0623\u062e\u0631\u0649 \u0641\u064a \u0648\u0642\u062a \u0644\u0627\u062d\u0642.', 'contactFormInvalidEmailMsg': '\u064a\u0644\u0632\u0645 \u0625\u062f\u062e\u0627\u0644 \u0639\u0646\u0648\u0627\u0646 \u0628\u0631\u064a\u062f \u0625\u0644\u0643\u062a\u0631\u0648\u0646\u064a \u0635\u0627\u0644\u062d.', 'contactFormEmptyMessageMsg': '\u0644\u0627 \u064a\u0645\u0643\u0646 \u0623\u0646 \u064a\u0643\u0648\u0646 \u062d\u0642\u0644 \u0627\u0644\u0631\u0633\u0627\u0644\u0629 \u0641\u0627\u0631\u063a\u064b\u0627.', 'title': '\u0646\u0645\u0648\u0630\u062c \u0627\u0644\u0627\u062a\u0635\u0627\u0644', 'blogId': '6980683343201303627', 'contactFormNameMsg': '\u0627\u0644\u0627\u0633\u0645', 'contactFormEmailMsg': '\u0628\u0631\u064a\u062f \u0625\u0644\u0643\u062a\u0631\u0648\u0646\u064a', 'contactFormMessageMsg': '\u0631\u0633\u0627\u0644\u0629', 'contactFormSendMsg': '\u0625\u0631\u0633\u0627\u0644', 'contactFormToken': 'AEUoTZob-oM1IT0ItJex2JqAwneJ:1782429377511', 'submitUrl': 'https://www.blogger.com/contact-form.do'}, 'displayModeFull')); _WidgetManager._RegisterWidget('_BlogView', new _WidgetInfo('Blog1', 'Tempnec', document.getElementById('Blog1'), {'cmtInteractionsEnabled': false, 'lightboxEnabled': true, 'lightboxModuleUrl': 'https://www.blogger.com/static/v1/jsbin/2235145584-lbx__ar.js', 'lightboxCssUrl': 'https://www.blogger.com/static/v1/v-css/828616780-lightbox_bundle_rtl.css'}, 'displayModeFull'));