If I sign-up to a website and the website sends me a cookie with and ID with which it can identify me, can somebody else impersonate me if they get hold o开发者_如何学JAVAf this cookie?
If somebody else knows the format of the cookie and guesses the ID can they impersonate me this way? Also, any material where these things are discussed is appreciated.The answer to both questions is a qualified "yes". But, both impersonations can be made very difficult. Things that make it difficult to steal a session Id from a cookie:
Using https. All communications between you and the server are encrypted and very difficult to hack.
If the server is using PHP sessions, the ID in the cookie is lengthy and difficult to guess.
Even without these, to intercept a cookie is difficult since the perpetrator must make his/her computer listen for transmissions to/from your IP address or the server IP.
Best security is long IDs (a la PHP sessions) combined with usage of https.
If you're developing, here's some good info: http://thinkvitamin.com/code/how-to-create-totally-secure-cookies/
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论