On Sun, Feb 10, 2013 at 12:19 AM, Stephen <stephen-d@xxxxxxxxxx> wrote:

> On 13-02-09 04:11 PM, Matijn Woudt wrote:
>
>> On Sat, Feb 9, 2013 at 9:59 PM, Tedd Sperling <tedd@xxxxxxxxxxxx> wrote:
>>
>> Jonathan:
>>
>> No offense to your routine, but you may want to review this:
>>
>> http://sperling.com/php/authorization/log-on.php
>>
>> If anyone finds an error, please post.
>>
>> Cheers,
>>
>> tedd
>>
>> Well, I hope you're not actually storing passwords plain text in real life
>> examples.
>> Other than that, this method allows session hijacking.
>>
>> - Matijn
>>
>> Can you explain how a session could be hijacked?
>
> Thank you!
>
> --
> Stephen

Sure,

Just basic session stuff first:

When you start a session, PHP sends a cookie header in return to the client. This cookie header includes a session id. On the next requests your browser will send this same session id back to the server. Now the server knows which session belongs to this client.

Now to the session hijack stuff:

I assume we are on a normal http server (not https), then this session id will be sent in plain text in the http headers. Now, assume we are both connected to a hotspot, then I will be able to read all traffic that passes on to this hotspot, a so-called man-in-the-middle attack. Once you have logged in, I can get the cookie that contains the session id. Now I can request the private part if I send that same cookie with it.

There are more forms of this attack, but they are more complicated. An SSL secured connection solves most, but even with https, it is possible to do this kind of attack. For more info I'd like to refer to Google ;)

- Matijn
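
An added example, not part of the original thread or of the log-on script it discusses: one way to harden a PHP session against the cookie-sniffing scenario described above. It assumes the site is served over HTTPS and runs PHP 7.3 or later; the function names, the session keys and the `/login.php` path are hypothetical.

```php
<?php
// Added example, not code from the thread. Function names, session keys
// and the /login.php path are hypothetical.

// Start a session whose cookie the browser never sends over plain HTTP.
function start_hardened_session(): void
{
    // Reject session ids that this server did not issue.
    ini_set('session.use_strict_mode', '1');
    // Take the session id from the cookie only, never from the URL.
    ini_set('session.use_only_cookies', '1');

    session_set_cookie_params([
        'lifetime' => 0,       // cookie ends with the browser session
        'path'     => '/',
        'secure'   => true,    // sent over HTTPS only, so not visible on the hotspot
        'httponly' => true,    // not readable from page scripts
        'samesite' => 'Lax',
    ]);
    session_start();
}

// Call once the password check has succeeded.
function mark_logged_in(int $userId): void
{
    // Issue a fresh id and delete the old session file, so an id that
    // was seen before login carries no privileges afterwards.
    session_regenerate_id(true);
    $_SESSION['user_id']   = $userId;
    $_SESSION['issued_at'] = time();
}

// Guard for private pages. Over plain HTTP the browser withholds the
// Secure cookie, so the request simply looks logged out.
function require_login(int $maxAgeSeconds = 1800): int
{
    $issuedAt = $_SESSION['issued_at'] ?? 0;
    $expired  = (time() - $issuedAt) > $maxAgeSeconds;

    if (!isset($_SESSION['user_id']) || $expired) {
        // Bound how long a captured id stays useful.
        session_unset();
        session_destroy();
        header('Location: /login.php');
        exit;
    }
    return (int) $_SESSION['user_id'];
}
```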