  1. #1
    icy

    Security problem

    Hello!
    I'm trying to connect to a server by script. And when I look at their form, there are no hidden fields, and they don't even set cookies.
    When I access the script that makes the login, it returns "Your user session has expired" but there are no cookies stored.
    What kind of security is this? How do they know that you are logged in, if they don't set cookies?

  • #2
    raf
    - they use sessions (and propagate the sessionID in the querystring)
    - they use a db and check against your IP (and wrongly assume that that will stay the same during your session and that it is user-specific)
    Posting guidelines I use to see if I will spend time to answer your question : http://www.catb.org/~esr/faqs/smart-questions.html
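
Added example, not part of the original thread or any poster's code: a minimal Python model of the two cookie-less mechanisms listed in reply #2, showing how a server can return "Your user session has expired" without ever setting a cookie. The class name, the `sid` parameter, the URLs and the addresses are constructed for illustration.

```python
import secrets
from urllib.parse import urlsplit, urlunsplit, parse_qs, urlencode

EXPIRED = "Your user session has expired"


class UrlSessionStore:
    """Cookie-less sessions: the ID travels in the query string, state stays server-side."""

    def __init__(self, bind_ip=False):
        self.bind_ip = bind_ip
        self.sessions = {}  # sid -> {"user": ..., "ip": ...}

    def login(self, user, client_ip):
        """Create a server-side record and return its unguessable ID."""
        sid = secrets.token_hex(16)
        self.sessions[sid] = {"user": user, "ip": client_ip}
        return sid

    def rewrite(self, url, sid):
        """Append the session ID to a link, as the server does for each link it emits."""
        parts = urlsplit(url)
        query = parse_qs(parts.query)
        query["sid"] = [sid]
        return urlunsplit(parts._replace(query=urlencode(query, doseq=True)))

    def handle(self, url, client_ip):
        """Return the page for a valid session, or the expiry message otherwise."""
        sid = parse_qs(urlsplit(url).query).get("sid", [None])[0]
        record = self.sessions.get(sid)
        if record is None:
            return EXPIRED  # no sid in the URL, or an unknown one
        if self.bind_ip and record["ip"] != client_ip:
            return EXPIRED  # same user, different address (proxy pool, reconnect)
        return "Welcome, " + record["user"]
```

With `bind_ip=True` a legitimate user whose address changes mid-session is logged out, and users behind one shared address are indistinguishable to that check, which is the wrong assumption reply #2 points at. A session ID carried in the URL also ends up in server logs, browser history and `Referer` headers, so it needs a short lifetime and TLS.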

  • #3
    icy
    Ok, so that I understand. But what can I do to make my login work? A hint? Does this have something to do with headers I'm getting back from the server, or do I have to send a specific header or a post field?
    I'm lost.
    <?php echo "Huh ???"; ?>

  • #4
    icy
    The server sends me back an 'ETag' header. I've looked over the internet for documentation on this ETag header and I'm not really sure what I should send back to the server. I think the ETag header is coded and I do not have the decode key. Does this complicate things more than they were?
    <?php echo "Huh ???"; ?>

  • #5
    raf
    It's impossible for us to advise since we don't see what's going on.

    Why don't you contact the other party and ask what goes wrong or how you can log in correctly?
    Posting guidelines I use to see if I will spend time to answer your question : http://www.catb.org/~esr/faqs/smart-questions.html

  • #6
    I agree, there are just too many issues that could happen during a login procedure, so we can't give good advice. What I would do in your case is to watch the network traffic while you do a standard login through their website. Capture the HTTP headers sent and re-send them with your script. There is a helpful Mozilla plugin that can assist with this task: LiveHTTPHeaders
    De gustibus non est disputandum.

  • #7
    icy

    Cool

    Thanx, this LiveHTTPHeaders really helps me.
    Hope I'll do it eventually.
    Thanx.
    <?php echo "Huh ???"; ?>

