Security problem



icy
08-07-2004, 01:10 PM
Hello!
I'm trying to connect to a server by script. And when I look at their form, there are no hidden fields, and they don't even set cookies.
When I access the script that makes the login, it returns "Your user session has expired" but there are no cookies stored.
What kind of security is this? How do they know that you are logged in, if they don't set cookies?

raf
08-08-2004, 12:32 AM
- they use sessions (and propagate the sessionID in the querystring)
- they use a db and check against your IP (and wrongly assume that that will stay the same during your session and that it is user-specific)

icy
08-16-2004, 11:49 AM
Ok, so that I understand. But what can I do to make my login work? A hint? Does this have something to do with headers I'm getting back from the server or do I have to send a specific header or a post field?
I'm lost.

icy
08-16-2004, 11:55 AM
The server sends me back an 'ETag' header. I've looked over the internet for documentation on this ETag header and I'm not really sure what I should send back to the server. I think the ETag header is coded and I do not have the decode key. Does this complicate things more than they were?

raf
08-16-2004, 03:34 PM
it's impossible for us to advise since we don't see what's going on.

why don't you contact the other party and ask what goes wrong or how you can login correctly?

mordred
08-16-2004, 04:01 PM
I agree, there are just too many issues that could happen during a login procedure, so we can't give good advice. What I would do in your case is to watch the network traffic while you do a standard login through their website. Capture the HTTP headers sent and re-send them with your script. There is a helpful Mozilla plugin that can assist with this task: LiveHTTPHeaders (http://livehttpheaders.mozdev.org/)

icy
08-17-2004, 10:28 AM
Thanx, this LiveHTTPHeaders really helps me.
Hope I'll do it eventually.
Thanx.
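
The cookieless session tracking raf describes, and the header capture mordred suggests, can be checked mechanically. The following is an added example, not part of the original thread: it reads one captured HTTP response and reports whether the session is carried by cookies or by a session ID rewritten into URLs. The sample response, the parameter-name list and the function names are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameter names often used for URL-propagated session IDs (assumed, not exhaustive).
SESSION_PARAMS = {"phpsessid", "jsessionid", "sid", "sessionid"}

# Constructed sample response: no Set-Cookie, session ID rewritten into URLs.
SAMPLE = (
    "HTTP/1.1 302 Found\r\n"
    "Location: /members/index.php?PHPSESSID=0123456789abcdef\r\n"
    'ETag: "5f3a-1c2d"\r\n'
    "Content-Type: text/html\r\n"
    "\r\n"
    '<a href="/logout.php?PHPSESSID=0123456789abcdef">Log out</a>'
)

def session_params(url):
    """Return session-like parameter names carried in a URL."""
    parts = urlsplit(url)
    names = [k for k, _ in parse_qsl(parts.query)]
    # Java-style ";jsessionid=..." sits in the path, not the query string.
    names += re.findall(r";(\w+)=", parts.path)
    return {n for n in names if n.lower() in SESSION_PARAMS}

def classify(raw):
    """Report the session-tracking mechanisms visible in one raw HTTP response."""
    head, _, body = raw.partition("\r\n\r\n")
    headers = {}
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    urls = headers.get("location", []) + re.findall(r'(?:href|action)="([^"]+)"', body)
    url_ids = set()
    for url in urls:
        url_ids |= session_params(url)
    return {
        "cookies": [c.split("=", 1)[0] for c in headers.get("set-cookie", [])],
        "url_session_ids": url_ids,
        # ETag is a cache validator echoed back in If-None-Match, not a credential.
        "etag": headers.get("etag", [None])[0],
    }

if __name__ == "__main__":
    print(classify(SAMPLE))
```

Session IDs propagated in URLs also end up in server logs, browser history and Referer headers, which is one reason cookies are the more common carrier.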


