Re: session management- your opinion — PHP Programming Language

You are here: Re: session management- your opinion « PHP Programming Language « IT news, forums, messages

Posted by Janwillem Borleffs on 05/28/06 00:39

julianmlp@gmail.com wrote:
> I think through this kind of procedure is hard to hijack an user
> session.
> What do you think?
>

You can test this yourself by faking the HTTP request send to the server
from another machine using a valid session ID.

Just use PHP's socket functions or a HTTP client like wget to send something
like:

GET / HTTP/1.0
Host: yourhost
Cookie: SessionId=<sessionid>

When this succeeds, it means that your sessions aren't binded to a specific
host, and you should revise your approach.

JW

Navigation:

Next in forum: Re: session management- your opinion
Prev in forum: Re: Ticking a check box based on a value from a record
Thread view: Re: session management- your opinion

[Reply to this message]

Удаленная работа для программистов • Как заработать на Google AdSense • England, UK • статьи на английском • PHP MySQL CMS Apache Oscommerce • Online Business Knowledge Base • DVD MP3 AVI MP4 players codecs conversion help

Home • Search • Site Map • Set as Homepage • Add to Favourites

Сайт изготовлен в Студии Валентина Петручека —
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация