Advertisement

06.18.2008 at 01:24PM PDT, ID: 23496745
[x]
Attachment Details

Stop Hijacking Sessions

Asked by judoscott in Active Server Pages (ASP)

Tags:

I have  a few website that use a userID to determine if a user is logged in.  So when I login I go to my profile page which is http://mydomain.com/?userID=100 or something like that.  I met with a guy from the university security department and he showed me how he could hijack the session by setting a userID cookie on his system then set the value to 100 and hijacked the session so he was logged in as me or any user.  He told me I should key on something other than a userID cookie.

Any ideas on how I should do this would be greatly appreciated.  I guess I should alson not have ?userID=100 in the URL.  I would appreciate any help I can get on this.

ThanksStart Free Trial
 
Keywords: Stop Hijacking Sessions
Title
1 Can someone help me analyze this hija…
2 Search Hijack?
3 Session Hijack
4 Session hijacking
5 Help With Hijack This Log
6 Malware Hijacking Browser
 
Loading Advertisement...
 
[+][-]06.18.2008 at 01:26PM PDT, ID: 21816832

View this solution now by starting your 7-day free trial. Setting up your free trial is quick, easy, and secure. We will return you to this solution, unlocked, when you're done.

 

About this solution

Zone: Active Server Pages (ASP)
Tags: ASP, vbscript, mysql
Sign Up Now!
Solution Provided By: 0xSaPx0
Participating Experts: 3
Solution Grade: A
 
 
[+][-]06.18.2008 at 01:35PM PDT, ID: 21816932

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 7-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]06.18.2008 at 02:25PM PDT, ID: 21817402

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 7-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]06.18.2008 at 02:28PM PDT, ID: 21817433

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 7-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]06.18.2008 at 02:36PM PDT, ID: 21817499

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 7-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]06.18.2008 at 02:38PM PDT, ID: 21817515

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 7-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]06.19.2008 at 04:49AM PDT, ID: 21821201

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 7-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]06.19.2008 at 07:44AM PDT, ID: 21822639

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 7-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]06.19.2008 at 09:03AM PDT, ID: 21823587

Assisted solutions are selected by the member who asked the question as a comment that contributed to their question's solution.

Start your 7-day free trial to view this Assisted Solution or ask the Experts your question.

 
[+][-]07.07.2008 at 07:24AM PDT, ID: 21945261

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 7-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]07.09.2008 at 08:27AM PDT, ID: 21964735

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 7-day free trial to view this Expert Comment or ask the Experts your question.

 
 
Loading Advertisement...
20080716-EE-VQP-32 / EE_QW_2_20070628