by CiPHPerCoder
2314 days ago
> I can forge my serverside session id for session hijacking. This is what I understood.

Forge this. For each session: session_id = bin2hex(random_bytes(32))

Yes, you can change what you send to the server. But you can't hijack another user's session in this probability space (2^-256) by blind guessing. Instead, you need another way to leak their credentials to hijack the session.