Jul 27

PHP Security: Preventing Session Fixation

Last updated: August 1st, 2009

Session fixation is an attack in which an intruder chooses a session id in advance, gets the victim's browser to use it (for example by having the victim follow a link that carries the id), and then presents that same id to act as the victim once the victim has logged in or started doing something of value on the site.

For example, an intruder may publish a link to a site called samplesite.com such as <a href="http://samplesite.com/cart.php?PHPSESSID=Ax23mDud">Sample Site</a>

When a user clicks this link, the session id in the URL is carried to samplesite.com. If PHP accepts session ids from the query string (session.use_trans_sid enabled or session.use_only_cookies disabled) and does not reject ids it never issued, the user's session now runs under the id the intruder picked. The intruder simply waits for the user to log in or begin a transaction and then sends his own requests with the same id, taking over the session and every right it carries on samplesite.com.
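The following is an added example, not code from the original post, showing the PHP-side defences that make the attack above fail: refuse session ids from anywhere but a cookie, reject ids the server did not issue, and issue a fresh id on every privilege change. It assumes a modern PHP (7.1 or later, for session.use_strict_mode and the typed signatures), a site served over HTTPS, and a placeholder authenticate() function that stands in for the site's own credential check.

```php
<?php
// Added example (not from the original post): hardening PHP sessions
// against fixation. Assumes PHP 7.1+, HTTPS, and that authenticate()
// is the site's own credential check (placeholder, not defined here).

// 1. Accept session ids only from cookies, never from the URL, so a link
//    such as cart.php?PHPSESSID=Ax23mDud cannot plant an attacker-chosen id.
ini_set('session.use_only_cookies', '1');
ini_set('session.use_trans_sid', '0');
// 2. Reject any id the server did not generate itself (PHP >= 5.5.2).
ini_set('session.use_strict_mode', '1');
// 3. Keep the id cookie out of script reach and off plain HTTP.
ini_set('session.cookie_httponly', '1');
ini_set('session.cookie_secure', '1');   // assumes the site is served over HTTPS

session_start();

// Defence in depth for older PHP without strict mode: a session that lacks
// the marker we set at creation was not started by us, so replace its id.
if (empty($_SESSION['initiated'])) {
    session_regenerate_id(true);
    $_SESSION['initiated'] = true;
}

// 4. On login (any privilege change) discard the old id and issue a new one.
//    Even if an attacker-supplied id had been accepted, it is now dead.
function login_user(string $user, string $pass): bool {
    if (!authenticate($user, $pass)) {   // placeholder for the real check
        return false;
    }
    // true = delete the old session data, so the old id cannot be reused.
    session_regenerate_id(true);
    $_SESSION['user'] = $user;
    $_SESSION['auth_time'] = time();
    return true;
}

// 5. Logout: wipe server-side data and expire the id cookie in the browser.
function logout_user(): void {
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
                  $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}
```

The ini_set() calls must run before session_start(); in production they belong in php.ini or the server configuration so that no script can forget them. The regeneration in login_user() is the essential step: whatever id the victim arrived with, the authenticated session is bound to an id the attacker has never seen.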

Jan 12

What is the difference between a Cookie and a Session?

Last updated: January 12th, 2009

A cookie is a small piece of text that the server asks the browser to store as name => value pairs and to send back with each subsequent request, so that the server can recognise the same client again. A single cookie is limited to about 4 KB and is kept on the client's disk (or only in memory, for cookies with no expiry). Cookies are used as a mechanism to establish state and to track user behaviour.
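The following is an added example, not code from the original post, contrasting the two mechanisms in PHP: a cookie holds the value in the browser, where the user can rewrite it, so it is only suitable for low-value state and must be validated on every read; a session holds the value on the server and the browser carries nothing but the session id. The cookie and session key names (theme, role) and the allowed values are illustrative; it assumes HTTPS and PHP 7.3 or later for the array form of setcookie().

```php
<?php
// Added example, not from the original post. Names (theme, role) are
// illustrative; assumes HTTPS and PHP 7.3+ for the setcookie() options array.

session_start();

// A cookie lives in the browser, is sent back with every request, and is
// under the user's control: anything read from $_COOKIE must be validated.
// It is fine for low-value state such as a display preference.
const ALLOWED_THEMES = ['light', 'dark'];

function set_theme_cookie(string $theme): void {
    if (!in_array($theme, ALLOWED_THEMES, true)) {
        $theme = 'light';
    }
    setcookie('theme', $theme, [
        'expires'  => time() + 30 * 86400,
        'path'     => '/',
        'secure'   => true,    // sent only over HTTPS
        'httponly' => true,    // not readable from JavaScript
        'samesite' => 'Lax',   // not sent on cross-site POSTs
    ]);
}

// Never trust the stored value: a user can set theme=<anything> by hand.
function current_theme(): string {
    $theme = $_COOKIE['theme'] ?? 'light';
    return in_array($theme, ALLOWED_THEMES, true) ? $theme : 'light';
}

// A session keeps the data on the server; the browser only holds the
// session id cookie. Authorization state belongs here, never in a cookie
// the client could rewrite (for example "role=admin").
function grant_role(string $user, string $role): void {
    session_regenerate_id(true);   // fresh id on every privilege change
    $_SESSION['user'] = $user;
    $_SESSION['role'] = $role;
}

function is_admin(): bool {
    return ($_SESSION['role'] ?? '') === 'admin';
}

// Browsers cap a cookie at roughly 4 KB for name plus value; anything
// larger belongs in the session, with only the id in the cookie.
function cookie_fits(string $name, string $value): bool {
    return strlen($name) + strlen($value) + 1 <= 4096;   // +1 for the '='
}
```

The point of the contrast is trust: current_theme() treats the cookie as untrusted input and falls back to a safe default, while is_admin() reads a value that only server-side code in grant_role() could have written.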

