Shopping Cart Software
Session stealing
This is a discussion on Session stealing within the osCommerce 2.2 Modification Help forums, part of the osCommerce 2.2 Forums category; hello everyone! i have a question, i now use OSCommerce for a couple of days, now my question is if ...
| |||||||
| Register | FAQ | Members List | Calendar | Mark Forums Read |
|
#1
02-11-2004, 02:58 PM
| |||
| |||
 Session stealing hello everyone!  i have a question, i now use OSCommerce for a couple of days, now my question is if i send someone the whole url of the site i am on, for example: product_info.php?products_id=25&osCsid=b53c99e 8ab941c4bf87b0997ac19e885 what if that guys logs in with my account, isn't that a security risk? sorry my question might be a bit stupid  x0x0x claudia     |
|
#2
02-11-2004, 04:52 PM
| ||||
| ||||
| Not stupid. It is a small risk but they would still have to login and to do that they need your username and password to get access to your account, and if the session has already expired there is no risk at all. But, it would be better to delete the session from the link...
__________________ Michael Sasek osCMax Developer
|
 |
| Thread Tools | |
| |
| ||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| session id in URL | cominus | osCMax v1.7 Discussion | 3 | 11-11-2004 05:34 PM |
| Session ID | andyy15 | osCommerce 2.2 Modification Help | 3 | 08-15-2004 11:40 PM |
| Session Help | doggifts | osCommerce 2.2 Modification Help | 1 | 10-21-2003 07:09 PM |
| SSL Errors, Session Cookie, Session Cache, NOVICE Problems? | hanool | osCommerce 2.2 Modification Help | 1 | 09-07-2003 11:49 AM |
| session id | thorben | osCommerce 2.2 Installation Help | 2 | 06-03-2003 06:35 AM |
All times are GMT -8. The time now is 06:13 PM.
