Get Session Value And destroy the value Through javascript

Problem description

I want to destroy the session value which is saved and then set a new value to the session variable.

If anyone has the answer, please help me.

Recommended answer

Quite simply no.

Javascript, an engine which runs in the client browser sandbox, does not have access to the server-hosted session object. Nor should it. Just think about the security implications.

My advice would be to use AJAX. Write JS to make an AJAX call to a purposely designed page for modifying the session.

But I'd still be concerned about this too, as if I found it whilst interrogating your page using my browser's developer tools, I could quite easily abuse it and make modifications to my session on your server.

Depending on what your site does, say a shop? I could hack it and order myself lots of free products!

When thinking about website security you should take a look at OWASP and PCIDSS.

https://www.owasp.org
https://www.pcisecuritystandards.org/security_standards/index.php
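
The server side of the purpose-built AJAX page described in the answer, as an added example that is not part of the original answer: the handler, not the browser, decides which session keys may be replaced and with what values. The session store, request shape, key names and function names are all assumptions made for illustration (Node.js, standard library only).

```javascript
const crypto = require('node:crypto');

// Constructed in-memory session store: session id -> { csrf, data }.
const sessions = new Map();

// The only keys a browser request may replace, each with its own validator.
// Identity, role and pricing data are deliberately absent: those change
// only through server-side logic, never from a client-supplied value.
const CLIENT_WRITABLE = {
  language: v => ['en', 'fr', 'de'].includes(v),
  pageSize: v => Number.isInteger(v) && v >= 10 && v <= 100,
};

function createSession(data) {
  const id = crypto.randomBytes(16).toString('hex');
  const csrf = crypto.randomBytes(16).toString('hex');
  sessions.set(id, { csrf, data: { ...data } });
  return id;
}

// Constant-time comparison so the CSRF check does not leak match length.
function sameToken(a, b) {
  const x = Buffer.from(String(a));
  const y = Buffer.from(String(b));
  return x.length === y.length && crypto.timingSafeEqual(x, y);
}

// req (hypothetical shape): { method, sessionId, csrfToken, body: { key, value } }
function handleSessionUpdate(req) {
  if (req.method !== 'POST') return { status: 405 };       // no state change on GET
  const session = sessions.get(req.sessionId);
  if (!session) return { status: 401 };                    // unknown or expired session
  if (!sameToken(req.csrfToken, session.csrf)) return { status: 403 };
  const { key, value } = req.body || {};
  // Own-property lookup also rejects "__proto__" and "constructor".
  const isValid = Object.hasOwn(CLIENT_WRITABLE, key) ? CLIENT_WRITABLE[key] : null;
  if (!isValid || !isValid(value)) return { status: 400 };
  delete session.data[key];       // destroy the saved value...
  session.data[key] = value;      // ...then set the new one, on the server
  return { status: 200, data: { [key]: value } };
}
```

The browser would call this with a POST (for instance via `fetch`) that carries the session cookie and the CSRF token; any request for a key outside the allowlist is refused regardless of what the page's script sends.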

