CSRF attacks depend on a server assuming that all requests transmitted from the browser that originally started an authenticated session are valid.
CSRF攻击依赖于这样一个服务器假设:来自启动了验证会话的浏览器的所有请求都是有效的。
Typical security mechanisms assume that once an authenticated session has been established, all subsequent requests from the authenticated browser to the server are valid.
通常安全机制认为,一旦一个已验证会话已被建立,那么来自已验证的浏览器的所有后续请求都是有效的。
If a user leaves the page and later returns in the same browser session, he will be returned to the same point where he left off in the application.
如果用户在同一个浏览器会话中离开该页之后又返回,那么将返回他离开该应用程序时所在的同一个位置。
The attack relies on users not directly calling up an SSL session by typing a URL into a browser. Most users initiate sessions by clicking on a button.
该攻击主要依赖于用户在浏览器中输入url却没有直接激活ssl会话,而大部分用户激活(SSL)会话都是通过点击提示的按钮。
The view causes an XSL template to transform the XML representation of the session data into localized HTML returned to the client browser.
视图将导致XSL模板将会话数据的XML表示转换为返回到客户机浏览器的本地化的HTML。
$_SESSION holds the cookie value until you close the Web browser.
$_SESSION 在您关闭Web浏览器之前一直保存cookie值。
Figure 7 shows four browser sessions running on the same client machine, each session having requested a different locale.
图7显示了运行在同一台客户端机器上的4个浏览器会话,每个会话请求的都是不同的地区。
Unlike a typical Web browser which handles sessions automatically, the JAX-RPC client does not participate in a session with the target service endpoint by default.
与自动处理会话的典型Web浏览器不同的是,JAX-RPC客户端并不缺省的使用目标服务端点参与会话。
The result is a browser session that - from the browser's point of view - never happened.
这个过程从浏览器的角度来看,就是发生了一个从来没有发生过的会话。
Often this is handled with a unique session ID and a cookie in the client browser that holds the information.
通常使用一个惟一的会话ID和客户机浏览器中保存信息的cookie进行处理。
In this example, a browser session, FTP session, and ping were used to generate network traffic.
在这个例子中,使用了一个浏览器会话、一个FTP会话和ping来生成网络流量。
Because a secure session cookie is used, users must be sure to exit the browser session when they are finished with an application session.
由于使用安全会话cookie,用户在完成一个应用程序会话时,必须确保退出浏览器会话。
By doing this, the session ID is included in the generated URL only if the user's browser has cookie handling turned off. Otherwise, the browser returns the URL unchanged, for example.
这样,只有当用户浏览器关闭了cookie处理,生成的URL中才会包含会话id。
All other artifacts are pulled from the server into the browser session along with the index.html file. If you look in the section of the index.html file, you can see the following HTML tags.
其他所有文件都从服务器下载到index.html文件的浏览器会话。
Since we don't want to store the cookies for longer than the browser session, we don't need to bother setting the expiration time.
因为只需要在浏览器会话中保存cookie,而不需要设置有效期。
A user accesses server a using a Web browser and obtains an authentication session (represented by an LTPA cookie in the browser).
某个用户使用Web浏览器访问服务器a并获得了一个身份验证会话(在浏览器中使用LTPA cookie表示)。
The browser opens the URL you specified for open browser At (with a long list of parameters to configure the debugger for this debugging session).
浏览器打开OpenBrowserAt指定的URL(包括许多为这个调试会话配置调试器的参数)。
Therefore, if the browser session has two connections already, any further connection requests have to wait until one of the two connections is finished.
因此,如果浏览器会话已经有两个连接,任何其他的连接请求必须等待,直到两个连接中的一个完成。
Finally, the browser receives the session duration time and sets a timeout to keep the connection alive.
最后,浏览器接收会话持续时间并设置一个超时以保持连接处于活跃状态。
If the user closes his browser window, the session also ends.
如果用户关闭浏览器窗口,会话也会结束。
Launch a browser session and open up a dashboard.
启动浏览器会话并打开一个指示板。
If the browser session is lost, the whole shopping cart also vanishes.
如果浏览器会话丢失了,整个购物车也就消失了。
Its lifecycle spans the session and, therefore, is available across multiple requests from the browser.
它的生命周期跨越整个会话,因此它在来自浏览器的多个请求中都可用。
When the user clicks the button the first time during a session, a page is populated from the first document in the current database and sent to the browser.
在会话期间当用户首次单击按钮时,将从当前数据库中的第一个文档开始填充页面,并将页面发送到浏览器。
Now from the desktop you can search different websites without having to open a new browser session.
现在从你的桌面上你可以搜索不同的网页,并不需要使用新的浏览器。
If a server fails, the session state goes away and users experience odd browser behavior: "Why am I back to the home page?"
如果服务器发生了故障,会话状态就丢失了,那么用户就会体验到非常奇怪的浏览器行为“为什么我又回到主页上来了?”
When a browser sends a request for a URL that has been rewritten in this manner, the JSP container automatically extracts the session ID and associates the request with the corresponding session.
当浏览器发送用这种方式重写的URL请求时,jsp容器自动抽取会话标识,并将请求与相应的会话进行关联。
Additionally, you can run into issues with this technique if a user creates multiple browser windows within the same session.
另外,如果用户在同一会话中创建多个浏览器窗口,您使用该方法可能会遇到问题。
As with any other Web application, if the user's machine is compromised, it is best to end the browser session to be safe from any future exploits.
与任何其他Web应用程序一样,如果用户的机器的安全性受到威胁的话,最好结束浏览器会话以规避将来的安全隐患。