session-fixation

Can you give me an example of a session fixation attack?

I have read about session fixation and from what I understand it forces a user to use an attacker's session. Is this correct? Can you give me an example of how this could offend the user? ...

What is the use of anti-forgery token salt?

In ASP.NET MVC 1.0, there is a new feature for handling the cross-site request forgery security problem: <%= Html.AntiForgeryToken() %> [ValidateAntiForgeryToken] public ViewResult SubmitUpdate() { // ... etc } and I found the token generated in the HTML form keeps changing every time a new form is rendered. I want to know how these token...

Secure Member Login Using Cookies

Hello, is storing the username & password of the user in a cookie a good practice? I really want to know how big websites like (Facebook, Digg, Twitter) handle this. My code is like that: <?php $username = mysql_real_escape_string($_POST['username']); $password = md5($_POST['password']); ?> After every successful login I store the $use...