This question has been on my mind for a long time. As a web developer, I have tried to find an answer over the years but failed miserably. Hence, I planned to approach the experts here. There is a lot of heavy security available in regular Java/J2EE apps for session hijacking, so let's discuss a simple JavaScript app.
For example: a normal JavaScript application (AngularJS) launches www.example.com/# welcome after a successful login, and the user can navigate to the next page, like 'http://ift.tt/2fVORwU', and the navigation continues.
Suppose now user2, without logging in, gets to know the URL path 'http://ift.tt/2fVORwU' and tries to launch it; the access is denied. But how is this happening under the hood? How does the JavaScript handle the session/client ID and tracing?
Or is there any simple approach to handle this session hijacking?
Apologies if the question sounds too dumb.
Thanks, David