Hacking a PHP page that checks whether a session cookie variable is set and exposes its name

Time: 2014-01-19 16:56:39

Tags: php security session cookies code-access-security

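This page exposes the cookie session name that must be set in order to access the super secret key. Can it be hacked this way, for example by somehow setting the cookie remotely, and if so, how?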

<?php
// Start a session if none is active yet.
isset($_SESSION) ? true : session_start();
// Stop unless the session variable exists; the message discloses the variable's name.
isset($_SESSION['sure_you_have_access']) ? true : exit("NO ACCESS session cookie sure_you_have_access isnt set :S");

echo "Here is the super secret key ABC123, that you shouldn't be able to read unless the session cookie variable sure_you_have_access is set to anything. "; ?>
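
A hardened form of the check in the question, as an added example that is not part of the original post: with PHP's default session handling the value of `$_SESSION['sure_you_have_access']` is stored on the server and the browser holds only the session ID cookie, so the check should test a value that only server-side login code sets and should not name the key in its error message. The function names, the 403 response and the HTTPS assumption behind the `secure` flag are assumptions of this example.

```php
<?php
// Added example, not the asker's code. Function names are hypothetical.
declare(strict_types=1);

// Start the session once, with settings that protect the session ID cookie.
function start_hardened_session(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }
    // Refuse session IDs the server did not issue (mitigates session fixation).
    ini_set('session.use_strict_mode', '1');
    // Accept the session ID from the cookie only, never from the URL.
    ini_set('session.use_only_cookies', '1');
    session_set_cookie_params([
        'httponly' => true,     // not readable from page scripts
        'secure'   => true,     // assumption: the site is served over HTTPS
        'samesite' => 'Strict', // not sent on cross-site requests
    ]);
    session_start();
}

// Call this only after the user has been authenticated by the application.
function grant_access(): void
{
    start_hardened_session();
    session_regenerate_id(true); // new ID on privilege change
    $_SESSION['sure_you_have_access'] = true;
}

// Strict comparison: the key must hold boolean true, not merely exist.
function has_access(): bool
{
    return ($_SESSION['sure_you_have_access'] ?? null) === true;
}

start_hardened_session();
if (!has_access()) {
    http_response_code(403);
    exit('Access denied.'); // generic message: no variable name disclosed
}
echo 'Protected content goes here.';
```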

0 answers:

No answers