sessionid

Proper session hijacking prevention in PHP

懵懂的女人 提交于 2019-11-27 06:38:26
I know this topic has been discussed a lot , but I have a few specific questions still not answered. For example: // **PREVENTING SESSION HIJACKING** // Prevents javascript XSS attacks aimed to steal the session ID ini_set('session.cookie_httponly', 1); // Adds entropy into the randomization of the session ID, as PHP's random number // generator has some known flaws ini_set('session.entropy_file', '/dev/urandom'); // Uses a strong hash ini_set('session.hash_function', 'whirlpool'); // **PREVENTING SESSION FIXATION** // Session ID cannot be passed through URLs ini_set('session.use_only_cookies'

Get Windows user name from SessionID

血红的双手。 提交于 2019-11-27 05:50:36
问题 Is there a method in C# to retrieve the user name from a given session id? (any session running on the system) The Win API function WTSQuerySessionInformation does this, but I'm searching for this funcationality in C#. 回答1: There seems to be no .NET integrated method for this. So this is the current solution, using Windows Terminal services API: [DllImport("Wtsapi32.dll")] private static extern bool WTSQuerySessionInformation(IntPtr hServer, int sessionId, WtsInfoClass wtsInfoClass, out

How to Generate a new Session ID

落花浮王杯 提交于 2019-11-27 05:33:29
问题 Is it possible to generate a new ID for the session using ASP.NET? I want it to change when someone logs in to my website just before I set their initial session variables. 回答1: You can do this using the SessionIdManager class: SessionIDManager manager = new SessionIDManager(); string newID = manager.CreateSessionID(Context); bool redirected = false; bool isAdded = false; manager.SaveSessionID(Context, newID, out redirected, out isAdded); [Code sample is from Anas Ghanem's article] 回答2: you

How to maintain the same session id across multiple web applications in ASP.NET

ε祈祈猫儿з 提交于 2019-11-27 02:24:44
问题 I have two identical applications setup on IIS on different virtual directories (I have done some workaround to ensure that they both have the same application name). Is there a way to share session id across two asp.net web applications? Since I'm storing the session in StateServer, they should both be getting the same session data, however, a different session id is created everytime I go from application a to applicatino b. Wouldn't this happen in a load balancing scenario as well? Where

session_start() creates new session every refresh [duplicate]

故事扮演 提交于 2019-11-26 22:06:30
问题 This question already has answers here : How to fix “Headers already sent” error in PHP (11 answers) Closed 6 years ago . I am having an issue with session_start() . It is creating a new session every refresh/load of the page. here is the code: <?php $bob = session_id(); echo "Session ID on load is ".$bob; echo "<br>"; if($bob==""){ session_start(); $bob = session_id(); echo ' session ID currently is '.$bob; } // a bunch more stuff when i load the page, I get the following: Session ID on load

PHP: session isn't saving before header redirect

三世轮回 提交于 2019-11-26 21:47:57
问题 I have read through the php manual for this problem and it seems quite a common issue but i have yet to find a solution. I am saving sessions in a database. My code is as follows: // session $_SESSION['userID'] = $user->id; header('Location: /subdirectory/index.php'); Then at the top of index.php after the session_start() , i have var_dumped the $_SESSION global and the userID is not in there. As i said ive looked through the PHP manual ( http://php.net/manual/en/function.session-write-close

Generating a new ASP.NET session in the current HTTPContext

↘锁芯ラ 提交于 2019-11-26 18:42:15
As a result of a penetration test against some of our products in the pipeline, what looked to be at the time an 'easy' problem to fix is turning out to be a toughy. Not that it should of course, I mean why would just generating a brand new session for the current HTTPContext be so difficult? Bizarre! Anyway- I've written a cheeky little utility class to "just do it": (apologies for code formatting/highlighting/Visual Basic I must be doing something wrong) Imports System.Web Imports System.Web.SessionState Public Class SwitchSession Public Shared Sub SetNewSession(ByVal context As HttpContext)

Proper session hijacking prevention in PHP

我们两清 提交于 2019-11-26 12:06:20
问题 I know this topic has been discussed a lot , but I have a few specific questions still not answered. For example: // **PREVENTING SESSION HIJACKING** // Prevents javascript XSS attacks aimed to steal the session ID ini_set(\'session.cookie_httponly\', 1); // Adds entropy into the randomization of the session ID, as PHP\'s random number // generator has some known flaws ini_set(\'session.entropy_file\', \'/dev/urandom\'); // Uses a strong hash ini_set(\'session.hash_function\', \'whirlpool\');

Generating a new ASP.NET session in the current HTTPContext

£可爱£侵袭症+ 提交于 2019-11-26 06:31:19
问题 As a result of a penetration test against some of our products in the pipeline, what looked to be at the time an \'easy\' problem to fix is turning out to be a toughy. Not that it should of course, I mean why would just generating a brand new session for the current HTTPContext be so difficult? Bizarre! Anyway- I\'ve written a cheeky little utility class to \"just do it\": (apologies for code formatting/highlighting/Visual Basic I must be doing something wrong) Imports System.Web Imports

ASP.NET: Session.SessionID changes between requests

谁说我不能喝 提交于 2019-11-26 06:26:50
Why does the property SessionID on the Session -object in an ASP.NET-page change between requests? I have a page like this: ... <div> SessionID: <%= SessionID %> </div> ... And the output keeps changing every time I hit F5, independent of browser. This is the reason When using cookie-based session state, ASP.NET does not allocate storage for session data until the Session object is used. As a result, a new session ID is generated for each page request until the session object is accessed. If your application requires a static session ID for the entire session, you can either implement the
订阅 sessionid