Sessions! [message #26017] |
Thu, 30 June 2005 18:47 |
dennisp
Messages: 49 Registered: December 2004 Location: Belize
Hiya Ilia...
Question:
Let's say that a user logs in to a forum without using cookies.
After logging in, the url looks something like this....
www.xyz.com/forum/index.php?rid=&S=35df55299d2717d8c737cc86fc1880da
OK, now let's say I cut out the '?rid=&S=35df55299d2717d8c737cc86fc1880da' part so that the url looks like this:
www.xyz.com/forum/index.php and I hit enter in my browser...according to the forum I am logged out now....
I understand this..
Let's say I paste back this part.... '?rid=&S=35df55299d2717d8c737cc86fc1880da'
so that the url again looks like this...
'www.xyz.com/forum/index.php?rid=&S=35df55299d2717d8c737cc86fc1880da'
and I hit enter in my browser..... and follow that link....
Voila, I am logged in again........
I understand this as well....
Now what I want to know is.....what mechanism do you use to prevent the following..
1) Let's say I copied just the part after the index.php in the url....('?rid=&S=35df55299d2717d8c737cc86fc1880da') and went to another computer and typed in www.xyz.com/forum/index.php and appended the copied part..so that it looked like 'www.xyz.com/forum/index.php?rid=&S=35df55299d2717d8c737cc86fc1880da'
and hit enter on the browser on this other computer......
I noticed that the forum does not consider me logged in..even though the session in '?rid=&S=35df55299d2717d8c737cc86fc1880da' still exists....
How do you go about doing this??
EDIT-----------------------------------------------------------
Here is what happened.....after a little bit of experimenting....
I logged on to FUDforum on one machine using Firefox....cookies were disabled in Firefox...and the use cookies option was de-selected while logging in to FUDforum...
After logging in..
the url changes from
www.abc.com/forum/index.php
to
www.abc.com/forum/index.php?rid=&S=477ea0865fdc2e70ca0ee4cba0faa7c6
Next what I did was..open up....IE on the same computer...and I tried going to the following url...
www.abc.com/forum/index.php?rid=&S=477ea0865fdc2e70ca0ee4cba0faa7c6
FUDforum...considered me as NOT-LOGGED_IN.......
Then I went on another computer that is on the same network and also connects to the internet through the same router....
This computer also has XP.....
I opened up Firefox with cookies disabled on this computer and pasted the link
www.abc.com/forum/index.php?rid=&S=477ea0865fdc2e70ca0ee4cba0faa7c6
and voila...I was considered logged in...????
Now I opened IE on this second computer....and pasted the link
www.abc.com/forum/index.php?rid=&S=477ea0865fdc2e70ca0ee4cba0faa7c6
but FUDforum considered me to be not logged in....????
Could you please explain.....
best regards..
Dennis
[Updated on: Thu, 30 June 2005 20:19]
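
The four results in the EDIT above are consistent with a server that ties the `S=` token to the client's source IP address and User-Agent string. The sketch below is an added example, not part of the original post and not FUDforum's code; the binding rule, the class and function names, the IP addresses and the User-Agent strings are all assumptions constructed for illustration, and it assumes both Firefox installs send the same User-Agent.

```python
import hashlib
import hmac
import secrets

class SessionStore:
    """Server-side sessions whose URL token only resolves from the client context that created it."""

    def __init__(self):
        self._sessions = {}  # session id -> (user, bound fingerprint)

    @staticmethod
    def fingerprint(remote_ip, user_agent):
        # Assumed binding rule: source IP as seen by the server plus the browser's User-Agent.
        return hashlib.sha256(f"{remote_ip}\n{user_agent}".encode()).hexdigest()

    def login(self, user, remote_ip, user_agent):
        sid = secrets.token_hex(16)  # 32 hex characters, same shape as the S= value in the URL
        self._sessions[sid] = (user, self.fingerprint(remote_ip, user_agent))
        return sid

    def resolve(self, sid, remote_ip, user_agent):
        # Returns the user, or None when the token is unknown or comes from a different context.
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        user, bound = entry
        presented = self.fingerprint(remote_ip, user_agent)
        return user if hmac.compare_digest(bound, presented) else None

def replay_experiment():
    # Constructed sample values. Both PCs sit behind one router, so the server
    # sees a single public IP for them; the User-Agent strings are illustrative.
    router_ip = "203.0.113.10"
    firefox = "Mozilla/5.0 (Windows; U; Windows NT 5.1) Firefox/1.0"
    ie = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
    store = SessionStore()
    sid = store.login("dennisp", router_ip, firefox)
    return {
        "pc1_firefox": store.resolve(sid, router_ip, firefox),          # original browser
        "pc1_ie": store.resolve(sid, router_ip, ie),                    # same PC, other browser
        "pc2_firefox": store.resolve(sid, router_ip, firefox),          # second PC, same router
        "pc2_ie": store.resolve(sid, router_ip, ie),                    # second PC, other browser
        "other_network": store.resolve(sid, "198.51.100.7", firefox),   # different public IP
    }

if __name__ == "__main__":
    print(replay_experiment())
```

Under this model the `pc2_firefox` case still resolves, because a client behind the same NAT with the same browser presents an identical fingerprint. The binding limits reuse of a leaked URL, but it does not make a session ID carried in the URL equivalent to one kept out of it.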