Stop people tampering with their session

Keith Brown has a great post on
how to stop visitors to your website messing around with their session state:

Many web apps rely on some form of client-side state management. It’s
either stored in a cookie, or mangled into the URL. Regardless, have you ever considered
what would happen if a user were to make small changes to (or wholesale replace) that
state? It’s really easy to do if you have the right tools (all you need is a browser
to play with mangled URLs)……


Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.