Reply to Re: session management- your opinion


Posted by Janwillem Borleffs on 05/28/06 00:39

julianmlp@gmail.com wrote:
> I think through this kind of procedure it is hard to hijack a user
> session.
> What do you think?
>

You can test this yourself by faking the HTTP request sent to the server
from another machine using a valid session ID.

Just use PHP's socket functions or an HTTP client like wget to send something
like:

GET / HTTP/1.0
Host: yourhost
Cookie: SessionId=<sessionid>

When this succeeds, it means that your sessions aren't bound to a specific
host, and you should revise your approach.


JW
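
A server-side check for the binding discussed in the reply above, as an added example that is not part of the original post. It assumes the session is tied to REMOTE_ADDR plus the User-Agent header; the function names and the sample addresses are hypothetical and constructed for illustration.

```php
<?php
// Added example (not from the thread): bind a PHP session to the client that
// created it, so a session cookie sent from another host is rejected.

// Fingerprint of the requesting client. Assumption: IP address + User-Agent.
function client_fingerprint(array $server): string
{
    $ip = $server['REMOTE_ADDR'] ?? '';
    $ua = $server['HTTP_USER_AGENT'] ?? '';
    return hash('sha256', $ip . "\n" . $ua);
}

// The first request stores the fingerprint in the session; every later
// request must present the same one. Returns false on a mismatch.
function session_bound_to_client(array &$session, array $server): bool
{
    $current = client_fingerprint($server);
    if (!isset($session['fingerprint'])) {
        $session['fingerprint'] = $current;
        return true;
    }
    return hash_equals($session['fingerprint'], $current);
}

// Call this instead of a bare session_start() at the top of each page.
function start_bound_session(): void
{
    session_start();
    if (!session_bound_to_client($_SESSION, $_SERVER)) {
        // Cookie came from a different client: drop the session entirely.
        $_SESSION = [];
        session_destroy();
        http_response_code(403);
        exit('Session rejected');
    }
}

// Constructed demonstration for the command line (php example.php).
if (PHP_SAPI === 'cli') {
    $session = [];
    $owner   = ['REMOTE_ADDR' => '192.0.2.10', 'HTTP_USER_AGENT' => 'Browser/1.0'];
    $other   = ['REMOTE_ADDR' => '198.51.100.7']; // same cookie, other machine
    var_dump(session_bound_to_client($session, $owner)); // session created
    var_dump(session_bound_to_client($session, $owner)); // same client again
    var_dump(session_bound_to_client($session, $other)); // different client
}
```

Binding to the IP address will also reject legitimate users whose address changes mid-session (mobile networks, load-balanced proxies), and the User-Agent is supplied by the client, so this check narrows the window for a stolen cookie rather than closing it.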
