Information Security
sorry_i_noob, 2018-06-24 01:10:15

The user has a session ID stored in a cookie. So if an attacker gets to the victim's computer, he can just download the cookie for himself?

Hello. I'm trying to understand sessions and cookies. I read the answers here:
https://ru.stackoverflow.com/questions/90280/%D0%A...
I was specifically interested in this paragraph:

Typically, sessions are implemented using cookies and session identifiers. That is, the server, for its part, creates a unique identifier, for example, "1a2b3c" (the session_id you asked about), and asks the client to remember it. Usually this is done with cookies, by saying something like Set-Cookie: PHPSESSID=1a2b3c (where "PHPSESSID" is the name of the session; usually there is only one, since you rarely need to run several sessions in parallel). For its part, the server stores somewhere (depending on the implementation, sometimes it's a file, for example, /tmp/1a2b3c, sometimes a database entry, sometimes something else) the various data that it is told to associate with this session. For example, the username.

So it turns out that if an attacker gets to the victim's computer, he can simply download her cookie for himself? And use her account from his own computer?


2 answer(s)
DevMan, 2018-06-24
@sorry_i_noob

Yes, maybe. Just like an attacker who stole your wallet can use your money/cards.
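
The session scheme from the quoted paragraph, as an added Python example that is not part of the original thread: the server resolves whoever presents the ID, which is why a copied cookie works, and server-side expiry, rotation and logout are what bound how long a copy stays useful. The class name, the 15-minute timeout and the cookie attributes are assumptions of this sketch.

```python
import secrets
import time

IDLE_TIMEOUT = 15 * 60  # seconds; assumed value for this sketch


class SessionStore:
    """Server side of the scheme in the quoted paragraph: ID -> data."""

    def __init__(self, now=time.time):
        self._sessions = {}   # session_id -> {"user": ..., "seen": ...}
        self._now = now       # injectable clock so expiry can be tested

    def login(self, username):
        # Unguessable ID (unlike the "1a2b3c" placeholder in the question).
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": username, "seen": self._now()}
        # HttpOnly/Secure/SameSite limit script and network theft; they do
        # not protect a cookie file read from the victim's own machine.
        header = f"Set-Cookie: PHPSESSID={sid}; Path=/; HttpOnly; Secure; SameSite=Lax"
        return sid, header

    def resolve(self, sid):
        """Return the username for a presented cookie value, or None."""
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        if self._now() - entry["seen"] > IDLE_TIMEOUT:
            del self._sessions[sid]      # expired: a stolen copy dies too
            return None
        entry["seen"] = self._now()
        return entry["user"]

    def rotate(self, sid):
        """Issue a fresh ID (e.g. after re-authentication); old one is void."""
        entry = self._sessions.pop(sid, None)
        if entry is None:
            return None
        new_sid = secrets.token_urlsafe(32)
        self._sessions[new_sid] = entry
        return new_sid

    def logout(self, sid):
        # Deleting server-side state is what actually ends the session;
        # clearing the browser cookie alone would leave a copied ID valid.
        self._sessions.pop(sid, None)
```

`resolve()` has no way to tell the original browser from a copy, so the controls that matter once a cookie has left the machine are the ones that delete or replace the server-side entry.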
