This is a discussion on Session stealing within the osCommerce 2.2 Modification Help forums, part of the osCommerce 2.2 Forums category; hello everyone! i have a question, i now use OSCommerce for a couple of days, now my question is if ...
Session stealing hello everyone!
i have a question, i now use OSCommerce for a couple of days, now my question is if i send someone the whole url of the site i am on, for example: product_info.php?products_id=25&osCsid=b53c99e 8ab941c4bf87b0997ac19e885
what if that guys logs in with my account, isn't that a security risk?
sorry my question might be a bit stupid
x0x0x
claudia
Not stupid. It is a small risk but they would still have to login and to do that they need your username and password to get access to your account, and if the session has already expired there is no risk at all.
But, it would be better to delete the session from the link...
Michael Sasek
osCMax Developer
osCmax Installation Service - Have our professionals install osCmax on your server - same day service!
osCmax 2.5 User Manual - the must have beginners guide to osCmax v2.5
Stay Up To Date with everything osCMax:
Free osCmax Newsletters - Security notices, New Releases, osCMax News
osCmax on Twitter - Up to the minute info as it happens. Know it first.
osCmax Documentation
Posting Permissions
LinkBack URL
About LinkBacks
Bookmarks