Can session value be hacked?


Problem description


When I came out of a site without logging out, next time I browsed that site I found I am logged in there. How does that server restore the session value for my browser? Is there any chance to be hacked in this process? Can that restored session value be stolen by others? Please share your concept about this. Thanks in advance.

Recommended answer


In all technologies I'm aware of, web-based session values are stored on the remote server. So, to hack your session values would require hacking the remote server. What you are encountering is the fact that your session identifier is stored in a cookie (a session cookie), so that when you re-open your browser the cookie is being used to identify you and provide access to your remote session. Normally session cookies have a short TTL (time to live) before they expire and log you out, but if not then explicitly logging out should clear it. If you are really worried you can delete your cookies.
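
The mechanism this answer describes, as an added example that is not part of the original answer: the cookie carries only a random identifier, the values stay in a server-side store, a TTL expires the session, and logout deletes the server-side record. The class name `SessionStore`, the cookie name `sid`, the 1800-second TTL and the in-memory dictionary are assumptions made for illustration.

```python
import secrets
import time
from http.cookies import SimpleCookie

class SessionStore:
    """Hypothetical in-memory store; the browser only ever holds a random id."""

    def __init__(self, ttl=1800, clock=time.time):  # ttl in seconds (assumed)
        self.ttl, self.clock = ttl, clock
        self.sessions = {}  # session id -> (expires_at, server-side values)

    def _set_cookie(self, sid, max_age):
        jar = SimpleCookie()
        jar["sid"] = sid  # cookie name "sid" is an assumption
        for attr, value in (("max-age", max_age), ("path", "/"), ("httponly", True),
                            ("secure", True), ("samesite", "Lax")):
            jar["sid"][attr] = value
        return jar["sid"].OutputString()

    def _sid(self, cookie_header):
        jar = SimpleCookie()
        jar.load(cookie_header or "")
        return jar["sid"].value if "sid" in jar else None

    def login(self, user):
        sid = secrets.token_urlsafe(32)  # unguessable identifier
        self.sessions[sid] = (self.clock() + self.ttl, {"user": user})
        return self._set_cookie(sid, self.ttl)  # Set-Cookie header value

    def lookup(self, cookie_header):
        sid = self._sid(cookie_header)
        expires_at, values = self.sessions.get(sid, (0, None))
        if values is None:
            return None  # unknown or missing id
        if self.clock() >= expires_at:
            del self.sessions[sid]  # TTL passed: the server forgets the session
            return None
        return values

    def logout(self, cookie_header):
        self.sessions.pop(self._sid(cookie_header), None)  # invalidate server side
        return self._set_cookie("", 0)  # and tell the browser to drop the cookie
```

The `HttpOnly`, `Secure` and `SameSite` attributes limit where the identifier can be read or sent, which matters because anyone holding the cookie value is treated as the logged-in user until the session expires or is logged out.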
