If you destroy the session (for exaple with a logoff button) this dosen
work.
Josep R. Raurell
Giancarlo Pinerolo wrote:
>Giancarlo Pinerolo wrote:
>
>>I myself wrote:
>>
>>>Can I tell you more than what the subject says?
>>>proceeding:
>>>Close the browser, clean all your cookies, and open a
Giancarlo Pinerolo wrote:
>
> I myself wrote:
> >
> > Can I tell you more than what the subject says?
> > proceeding:
> > Close the browser, clean all your cookies, and open any page with that
> > ?PHPSESSID=spoofme appended.
> > And see what happens.
spoofme is not the exact term.
?PHPSESSID=
I myself wrote:
>
> Can I tell you more than what the subject says?
> proceeding:
> Close the browser, clean all your cookies, and open any page with that
> ?PHPSESSID=spoofme appended.
> And see what happens.
>
> 1) No cookies are left
> 2) a session 'spoofme' is created
>
> Do you need more?
3 matches
Mail list logo