Hi!

On Wed, Jan 27, 2016 at 11:02 AM, Yasuo Ohgaki <yohg...@ohgaki.net> wrote:
>
> There are 2 ways to keep/generate stolen session
>
>  - Set undeletable cookie to browser
>  - Get active session via exploit and access it before GC
>
> As I have already explained, getting active session ID is trivial with
> access to physical device. e.g. Steal colleagues' session ID while they
> are leaving desk. It's just a matter of displaying session ID cookie
> and take picture of it.

  - Set undeletable cookie to browser

this is

  - Set unchangeable cookie to browser

to be precise.

--
Yasuo Ohgaki
yohg...@ohgaki.net

-- 
PHP Internals - PHP Runtime Development Mailing List