Sessions! [message #26017]
Thu, 30 June 2005 14:47
Registered: December 2004
Let's say that a user logs in to a forum without using cookies.
After logging in, the URL looks something like this....
OK, now let's say I cut out the '?rid=&S=35df55299d2717d8c737cc86fc1880da' part so that the URL looks like this:
www.xyz.com/forum/index.php and I hit enter in my browser... according to the forum I am logged out now....
I understand this..
Let's say I paste back this part.... '?rid=&S=35df55299d2717d8c737cc86fc1880da'
so that the URL again looks like this...
and I hit enter in my browser..... and follow that link....
Voila, I am logged in again........
I understand this as well....
Now what I want to know is..... what mechanism do you use to prevent the following..
1) Let's say I copied just the part after the index.php in the URL.... ('?rid=&S=35df55299d2717d8c737cc86fc1880da') and went to another computer and typed in www.xyz.com/forum/index.php and appended the copied part.. so that it looked like 'www.xyz.com/forum/index.php?rid=&S=35df55299d2717d8c737cc86fc1880da'
and hit enter in the browser on this other computer......
I noticed that the forum does not consider me logged in.. even though the session in '?rid=&S=35df55299d2717d8c737cc86fc1880da' still exists....
How do you go about doing this??
Here is what happened.....after a little bit of experimenting....
After logging in..
the url changes from
Next, what I did was.. open up.... IE on the same computer... and I tried going to the following URL...
FUDforum... considered me as NOT-LOGGED_IN.......
Then I went on another computer that is on the same network and also connects to the internet through the same router....
This computer also has XP.....
I opened up Firefox with cookies disabled on this computer and pasted the link
and voila... I was considered logged in...????
Now I opened IE on this second computer.... and pasted the link
but FUDforum considered me to be not logged in....????
Could you please explain.....
[Updated on: Thu, 30 June 2005 16:19]