FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » FUDforum » How To » Sessions!
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Sessions! [message #26017] Thu, 30 June 2005 18:47 Go to previous message
dennisp is currently offline  dennisp   Belize
Messages: 49
Registered: December 2004
Location: Belize
Karma:
Member
Hiya Ilia...

Question:

Lets say that a user logs in to a forum without using cookies.
After logging in, the url looks something like this....

www.xyz.com/forum/index.php?rid=&S=35df55299d2717d8c737cc86fc1880da

ok now lets say i cut out the '?rid=&S=35df55299d2717d8c737cc86fc1880da' part so that the url looks like this:

www.xyz.com/forum/index.php and i hit enter in my browser...acording to the forum i am logged out now....
I understand this..

Lets say i paste back this part.... '?rid=&S=35df55299d2717d8c737cc86fc1880da'
so that the url again looks like this...
'www.xyz.com/forum/index.php?rid=&S=35df55299d2717d8c737cc86fc1880da'

and i hit enter in my browser..... and follow that link....

Voila, I am logged in again........

I understand this as well....

Now what i want to know is.....what mechanism do you use to prevent the following..

1)Let say i just copied just the part after the index.php in the url....('?rid=&S=35df55299d2717d8c737cc86fc1880da') and went to another computer and typed in www.xyz.com/forum/index.php and appended the copied part..so that it looked like 'www.xyz.com/forum/index.php?rid=&S=35df55299d2717d8c737cc86fc1880da'
and hit enter on the browser on this other computer......

I noticed that the forum does not consider me logged in..even though the session in '?rid=&S=35df55299d2717d8c737cc86fc1880da' still exists....

How do you go about doing this??

EDIT-----------------------------------------------------------

Here is what happened.....after a little bit of experimenting....

I logged on to fudforum on one machine using firefox....cookies were disabled in firefox...and the use cookies option was de-selected while logging in to fudforum...
After logging in..
the url changes from

www.abc.com/forum/index.php
to
www.abc.com/forum/index.php?rid=&S=477ea0865fdc2e70ca0ee4cba0faa7c6

Next what i did was..open up....IE on the same computer...and i tried going to the following url...
www.abc.com/forum/index.php?rid=&S=477ea0865fdc2e70ca0ee4cba0faa7c6

FudForum...considered me as NOT-LOGGED_IN.......

Then i went on another computer that is on the same network and also connects to the internet thru the same router....
This computer also has XP.....
i opened up firefox with cookies disabled on this computer and pasted the link
www.abc.com/forum/index.php?rid=&S=477ea0865fdc2e70ca0ee4cba0faa7c6
and voila...i was considered logged in...????

Now i opened IE on this second computer....and pasted the link
www.abc.com/forum/index.php?rid=&S=477ea0865fdc2e70ca0ee4cba0faa7c6
but Fudforum considered me to be not logged in....????

Could you please exlpain.....

best regards..

Dennis

[Updated on: Thu, 30 June 2005 20:19]

Report message to a moderator

[Message index]
 
Read Message
Read Message
Read Message
Read Message
Previous Topic: Re-download from NNTP
Next Topic: Handling of Daylight Savings Time
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Fri Nov 29 02:37:56 GMT 2024

Total time taken to generate the page: 0.03252 seconds