阅读背景:

php会话id可以从任何地方在服务器上运行变量吗?

来源:互联网 

When cookies are disabled, (and sessions are being used) the default .htaccess file allows php to append a get variable to the end of the url containing the session id to continue using sessions. Obviously this is a major security flaw, but does this mean (I dont have a custom server to test on and most servers have this off) that somebodies session can be accessed from anywhere, as long as the session is open and one has the id?When cookies are disabled, (and sessions are be




你的当前访问异常,请进行认证后继续阅读剩余内容。

分享到: