Penetration Testing mailing list archives

Re: [PEN-TEST] HTTP Secure Session State Management


From: "Matt W." <kmx () EGATOBAS ORG>
Date: Thu, 28 Dec 2000 14:26:04 -0600

um. PHP4 has session_start() / session_register() etc.  This creates a
spiffy little hash table called $SESSION that stores anything you want in
it.  So you can do things like this

$SESSION["login_id"] and then check and see if it's set in all your php
pages to do your session management.

for better examples:
http://www.devshed.com/Server_Side/PHP/Commerce2/page7.html

--------
Matt W.
farm9, Inc.
www.farm9.com

"van der Kooij, Hugo" wrote:

On Thu, 28 Dec 2000, Drew Simonis wrote:

"Edwards, David (JTD)" wrote:

To attempt to bring this back "on-topic" a bit :-)

Has anyone looked at network penetration using WEBDAV/NDSDAV?
Or even seen a security evaluation of WEBDAV/NDSDAV?

Also more on topic... Don't PHP4 and MS ASP have some built in
session management features?  Has anyone hacked these methods
enough to understand what they do?

Can't tell a bit about ASP but PHP(4) does not have anything regarding
session management.

Hugo.

--
Hugo van der Kooij; Oranje Nassaustraat 16; 3155 VJ  Maasland
hvdkooij () caiw nl        http://home.kabelfoon.nl/~hvdkooij/
--------------------------------------------------------------
This message has not been checked and may contain harmful content.
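
The per-page `login_id` check described in the reply above, as an added example that is not part of the original thread. It assumes a current PHP release (7.3 or later) served over HTTPS, where session data lives in `$_SESSION`; the function names and `/login.php` are hypothetical.

```php
<?php
// Added example, not code from the thread. Function names and /login.php
// are hypothetical; 'secure' => true assumes the site is served over HTTPS.

function start_secure_session(): void
{
    // Reject session IDs the server did not issue, and keep the ID out of URLs.
    ini_set('session.use_strict_mode', '1');
    ini_set('session.use_only_cookies', '1');
    session_set_cookie_params([
        'lifetime' => 0,        // cookie ends with the browser session
        'path'     => '/',
        'secure'   => true,     // never sent over plain HTTP
        'httponly' => true,     // not readable from page scripts
        'samesite' => 'Lax',
    ]);
    session_start();
}

function complete_login(int $userId): void
{
    // Call only after credentials are verified. A fresh ID means an ID
    // planted before login is useless afterwards (session fixation).
    session_regenerate_id(true);
    $_SESSION['login_id']  = $userId;
    $_SESSION['last_seen'] = time();
}

function require_login(int $idleLimit = 900): int
{
    $id   = $_SESSION['login_id'] ?? null;
    $seen = $_SESSION['last_seen'] ?? 0;
    if (!is_int($id) || (time() - $seen) > $idleLimit) {
        // Missing or stale state: clear it server-side, then send to login.
        $_SESSION = [];
        session_destroy();
        header('Location: /login.php');
        exit;
    }
    $_SESSION['last_seen'] = time();   // sliding idle timeout
    return $id;
}

// At the top of every protected page:
start_secure_session();
$loginId = require_login();
echo 'Logged in as user #' . $loginId;
```

The login handler calls `complete_login()` once the password check succeeds; only the session ID travels in the cookie, while `login_id` stays on the server.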

