Author Topic: [Session Tutorial] - Pasting SESSIONID from URL bar in the forum. (Read 3486 times)

TheOracle · « **on:** January 02, 2006, 02:51:18 AM »

Lately, I did some research on the forum regarding site postings which, unfortunitely, includes the "SESSIONID" query.

Meaning, this is a security risk for posters. Why ? Your session is being encrypted "but" - by posting your random generated numbers, a hacker could easily decode the number you're posting.

// How to be protected your session activities by posting the links ?

It is very easy actually. In order to protect your sessions, simply post your URLs

like this :

http://www.yoursite.com/4images/file.php?your_page_query=id_number

and NOT like this :

http://www.yoursite.com/4images/file.php?your_page_query=id_number&SESSIONID=yourrandomnumber

This way, a new SESSIONID number will be generated from each new visitors that clicks on your pointed site from the forum (or even from anywhere else on the net - regarding the places you posted your link).

Regards.

TheOracle.

V@no · « **Reply #1 on:** January 02, 2006, 03:28:01 AM »

This is already covered in FAQ:
http://www.4homepages.de/forum/index.php?topic=8802.0
And it only affects 4images v1.7.1 which is not patched with this fix:
http://www.4homepages.de/forum/index.php?topic=8895.0

4images Forum & Community

News:

Author Topic: [Session Tutorial] - Pasting SESSIONID from URL bar in the forum. (Read 3486 times)

TheOracle

[Session Tutorial] - Pasting SESSIONID from URL bar in the forum.

V@no

Re: [Session Tutorial] - Pasting SESSIONID from URL bar in the forum.