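This page discloses the cookie session name that must be set in order to access the super secret key. Can it be hacked this way, for example by somehow setting the cookie remotely? What happens in that case?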
<?php
// Start a session only if one is not already active.
if (session_status() !== PHP_SESSION_ACTIVE) session_start();
// Deny access unless the session variable is set (to any value).
if (!isset($_SESSION['sure_you_have_access'])) exit("NO ACCESS session cookie sure_you_have_access isnt set :S");
echo "Here is the super secret key ABC123, that you shouldn't be able to read unless the session cookie variable sure_you_have_access is set to anything. ";
?>
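Added example (not part of the original post): the gate from the question with the session cookie hardened. In PHP the browser only sends the session ID cookie, while `sure_you_have_access` is a key in server-side session storage. The example assumes HTTPS, PHP 7.3 or later, and a login handler (hypothetical, not shown) that sets the flag to `true`.

```php
<?php
// Added example: hardened form of the gate in the question.
// Assumption: a login handler (hypothetical, not on the page) sets
// $_SESSION['sure_you_have_access'] = true after authenticating the user
// and calls session_regenerate_id(true) at that point.

if (session_status() !== PHP_SESSION_ACTIVE) {
    session_start([
        'use_strict_mode'  => 1,     // reject session IDs the server did not issue
        'use_only_cookies' => 1,     // never accept a session ID from the URL
        'cookie_httponly'  => 1,     // keep the ID cookie away from page scripts
        'cookie_secure'    => 1,     // send the ID cookie over HTTPS only
        'cookie_samesite'  => 'Lax', // limit cross-site sending of the ID cookie
    ]);
}

// Require the exact value true instead of "set to anything", so a stray
// or leftover value under this key does not grant access.
if (($_SESSION['sure_you_have_access'] ?? null) !== true) {
    http_response_code(403);
    // Generic message: the response no longer names the session variable.
    exit('Access denied.');
}

echo 'Here is the super secret key ABC123.';
```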