TOC
Intro
ATTACKING
Cookies
Sessions
SESSION
MANAGEMENT
Cookies vs Sessions
Hijacking
Securing Session Management
Session
INTRODUCTION
COOKIES
authentication
b)
user tracking
c)
22-Nov-14
myths:
a)
b)
c)
facts:
a)
b)
c)
SESSION VS PERSISTENT
A "TRACKING COOKIE"(3)
COOKIES
a) when
b) can
c)
(4)
a)
b)
setcookie("name", "value");
setcookie("username", "martay");
SESSIONS
setcookie("favoritecolor", "blue");
1)
2)
SESSIONS
The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws
header("Location: login1.php");
}
?>
You can find out (or change) the folder where session data is saved using the session_save_path function.
LOGOUT.PHP
<?php
session_start();
session_destroy();
echo "To Login Click <a href='login1.php'>Here</a>";
?>
===
<?php
session_start();
session_destroy();
header("Location: login1.php");
?>
COOKIES VS SESSIONS
1)
SESSIONS HIJACKING
http://www.phpshare.org/articles/Cookies-versus-Sessions
SESSIONS HIJACKING
(1)
a)
b)
for example,
757365723d6461663b6170703d61646d696e3b646174653d30312f31322f3036
user=daf;app=admin;date=10/09/07
(1)
a)
b)
c)
d)
e)
f)
a)
b)
i.
ii.
iii.
SECURING SESSION MANAGEMENT
b)
i.
ii.
iii.