Reply to Re: Sessions

Your name:

Reply:


Posted by Czapi on 02/22/07 16:04

Erwin Moller wrote:
> I say it is a myth that passing PHPSESSID by URL is less secure than passing
> it by cookie.
> Anybody who can eavesdrop on the traffic between the client and server can
> see the PHPSESSID, in a cookie, or in the URL.
> The content of the cookie is just plain there for anybody to read: in plain
> text.

Simple explanation, try to perform session fixation by sending an URL
over an email client or IM with trans_sid turned off.

--
Cz.

[Back to original message]
Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация