会话劫持或攻击？ [英] Session hijacking or attack?

问题描述

最近，我在错误日志中看到了这一点（每天1个，每天有40k个访问者）：

Lately I have seen this in my error log (1 per day, and I have 40k visitors per day):

[22-Sep-2009 21:13:52] PHP Warning: session_start() [function.session-start]: The session id contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /var/my_files/class.session.php on line 67 
[22-Sep-2009 21:13:52] PHP Warning: Unknown: The session id contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in Unknown on line 0 
[22-Sep-2009 21:13:52] PHP Warning: Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct () in Unknown on line 0

我已经修改了php.ini，使其具有：

I already modified php.ini to have this:

session.use_only_cookies = 1
session.use_trans_sid = 0

我怀疑会话劫持或一种我不知道的攻击（我是parano;））。

I suspect a session hijacking or a kind of attack I am not aware of (I am parano ;) ).

你有什么想法？

推荐答案

这里可能做的是这个客户端改变了PHPSESSID cookie的内容。通常SessionID类似于62bf75fb02922cf9c83fb3521255b4ab（十六进制）

What is probably done here is that this client has changed the PHPSESSID cookie's content. Normally the SessionID is something like "62bf75fb02922cf9c83fb3521255b4ab" (hexadecimal)

但是，用户可能已经使用一些工具修改了cookie。这不会对您的网站和服务器造成危害，因为此修改是在客户端完成的，这样做不会影响服务器（生成这些错误除外）。您可以做的是，当您收到此类错误时，请更改会话ID并替换客户端上的会话ID。

However, the user might have modified the cookie using some tools. This causes no harm to your website and server because this modification is done client side and by doing so it does not affect the server (except generating those errors). What you can do is that when you receive such error, you change the session ID and replace the one that is on the client.

请参阅解决方案：

$ok = @session_start();
if(!$ok){
  session_regenerate_id(true); // replace the Session ID
  session_start(); // restart the session (since previous start failed)
}

记住， t通过PHP会话cookie将文件替换或写入服务器。只有当会话成功启动时，PHP才会写一个关于当前会话的Session文件，并将其存储到tmp文件夹中。一旦文件变旧，文件将被删除。

Remember, you can't replace or write a file onto the server via PHP session cookie. It is only when a session is successfully started, PHP writes a Session file about the current session and stores it to the tmp folder. Once the file becomes old, the file is deleted.

这篇关于会话劫持或攻击？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！