Home »
FUDforum »
How To »
Sessions!
Sessions! [message #26017] |
Thu, 30 June 2005 18:47 |
dennisp
Messages: 49 Registered: December 2004 Location: Belize
Karma:
|
Member |
|
|
Hiya Ilia...
Question:
Lets say that a user logs in to a forum without using cookies.
After logging in, the url looks something like this....
www.xyz.com/forum/index.php?rid=&S=35df55299d2717d8c737cc86fc1880da
ok now lets say i cut out the '?rid=&S=35df55299d2717d8c737cc86fc1880da' part so that the url looks like this:
www.xyz.com/forum/index.php and i hit enter in my browser...acording to the forum i am logged out now....
I understand this..
Lets say i paste back this part.... '?rid=&S=35df55299d2717d8c737cc86fc1880da'
so that the url again looks like this...
'www.xyz.com/forum/index.php?rid=&S=35df55299d2717d8c737cc86fc1880da'
and i hit enter in my browser..... and follow that link....
Voila, I am logged in again........
I understand this as well....
Now what i want to know is.....what mechanism do you use to prevent the following..
1)Let say i just copied just the part after the index.php in the url....('?rid=&S=35df55299d2717d8c737cc86fc1880da') and went to another computer and typed in www.xyz.com/forum/index.php and appended the copied part..so that it looked like 'www.xyz.com/forum/index.php?rid=&S=35df55299d2717d8c737cc86fc1880da'
and hit enter on the browser on this other computer......
I noticed that the forum does not consider me logged in..even though the session in '?rid=&S=35df55299d2717d8c737cc86fc1880da' still exists....
How do you go about doing this??
EDIT-----------------------------------------------------------
Here is what happened.....after a little bit of experimenting....
I logged on to fudforum on one machine using firefox....cookies were disabled in firefox...and the use cookies option was de-selected while logging in to fudforum...
After logging in..
the url changes from
www.abc.com/forum/index.php
to
www.abc.com/forum/index.php?rid=&S=477ea0865fdc2e70ca0ee4cba0faa7c6
Next what i did was..open up....IE on the same computer...and i tried going to the following url...
www.abc.com/forum/index.php?rid=&S=477ea0865fdc2e70ca0ee4cba0faa7c6
FudForum...considered me as NOT-LOGGED_IN.......
Then i went on another computer that is on the same network and also connects to the internet thru the same router....
This computer also has XP.....
i opened up firefox with cookies disabled on this computer and pasted the link
www.abc.com/forum/index.php?rid=&S=477ea0865fdc2e70ca0ee4cba0faa7c6
and voila...i was considered logged in...????
Now i opened IE on this second computer....and pasted the link
www.abc.com/forum/index.php?rid=&S=477ea0865fdc2e70ca0ee4cba0faa7c6
but Fudforum considered me to be not logged in....????
Could you please exlpain.....
best regards..
Dennis
[Updated on: Thu, 30 June 2005 20:19] Report message to a moderator
|
|
|
Goto Forum:
Current Time: Fri Nov 29 02:37:56 GMT 2024
Total time taken to generate the page: 0.03252 seconds