Final answer:
The PHP function cekSession() can help protect against session hijacking by monitoring session attributes such as the user's remote address and user agent, and the session's idle time. If these values change unexpectedly or the session is idle for too long, the session is ended and the user is redirected to the login page.
Step-by-step explanation:
Session hijacking is indeed a substantial security concern, and protection against it can be implemented in PHP. For the logic you've described, the function cek Session() could be written like this:
3600) {
session_unset();
session_destroy();
header('Location: login.php');
exit();
}
$_SESSION['LAST_ACTIVITY'] = time();
}
cek Session();
?>