1
Q
What are sessions?
A
Sessions enable the app to maintain user-specific state while the users interact with the app.
For example, session allows the users to authenticate once and remain signed in for future requests.
2
Q
Session Hijacking
A
Stealing a user’s session ID lets an attacker use the web application in the victim’s name.
3
Q
Ways to hijack a session
A
- Sniff the cookie in an insecure network
solution: provide a secure connection over SSL - Not clearing out the cookies after working at a public terminal
solution: make logout button prominent; invalidate the session more frequently - cross-site scripting (XSS) exploits aimed at obtaining the user’s cookie
- Session fixation - Instead of stealing a cookie unknown to the attacker, they fix a user’s session identifier (in the cookie) known to them.
4
Q
What is SSL?
A
SSL: Secure Sockets Layer
SSL is standard technology for securing an internet connection by encrypting data sent between a website and a browser (or between two servers). It prevents hackers from seeing or stealing any information transferred, including personal or financial data.
5
Q
Session Storage
A
Rails uses ActionDispatch::Session::CookieStore as the default session storage
Job Search
flashcards
Decks in class (13)
# Cards
