Re: session management- your opinion — PHP Programming Language

You are here: Re: session management- your opinion « PHP Programming Language « IT news, forums, messages

Posted by julianmlp on 05/28/06 01:25

Janwillem Borleffs wrote:
> julianmlp@gmail.com wrote:
> > What I was wondering is: Is there any (simple/easy) way to hijack a
> > cookie remotely? (to be afraid of)
> >
>
> When you have the session ID, all you need to do is to pass it as a cookie
> header (not from a URL) to fake the call.

I forgot to mention that the cookie's value isn't the same as the
session ID value...

It's something like that:
$val = sha1($ID_session + $HiddenStringWhichNeverLeaveTheServer)

Navigation:

Next in forum: Re: session management- your opinion
Prev in forum: Re: session management- your opinion
Thread view: Re: session management- your opinion

[Reply to this message]

Удаленная работа для программистов • Как заработать на Google AdSense • England, UK • статьи на английском • PHP MySQL CMS Apache Oscommerce • Online Business Knowledge Base • DVD MP3 AVI MP4 players codecs conversion help

Home • Search • Site Map • Set as Homepage • Add to Favourites

Сайт изготовлен в Студии Валентина Петручека —
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация