An attacker can take over the user session before the user's session cookie expires.
在用户的会话cookie失效之前,攻击者就能接管用户会话。
A user is prompted for a user name and password and given a session cookie or session header.
用户会获得提示,要求输入用户名和口令,并将口令和密码保存在会话cookie或会话header中。
A session cookie in conjunction with a random auth token or auth login validation is both reasonable mechanisms.
一个连接中的会话cookie与一个随机鉴定标识或者鉴定登陆审核都是合理的机制。
Think of a situation where an attacker has stolen a user's session cookie and thus may co-use the application.
想想这种情况,一个攻击者窃取了一个用户的session cookie,因此他们可以共用同一个应用。
Application Server only creates the session cookie for this user and assumes that this user has been authenticated.
ApplicationServer只为这个用户创建会话cookie,并假设这个用户已经被认证。
It requests that the portal creates a session cookie whenever a page containing the portlet is accessed, even if no user login exists.
它请求门户在每当包含该Portlet的页面被访问时,即使不存在任何用户登录,也要创建会话Cookie。
Because a secure session cookie is used, users must be sure to exit the browser session when they are finished with an application session.
由于使用安全会话cookie,用户在完成一个应用程序会话时,必须确保退出浏览器会话。
Obtaining the Domino session cookie is an important part of the process, and you can use the same code in other Domino-related applications.
获得Domino会话cookie是此流程的重要部分,您可将相同的代码用于其他与Domino相关的应用程序中。
Use a tool (see Resources) to determine whether a response contains a session cookie, in which case the request is considered to be authenticated.
使用工具(请参阅参考资料)以确定响应是否包含会话Cookie,如果包含,则认为请求是经过验证的请求。
The result of this operation is a long XML string containing all the columns from the Inbox view. You append the session cookie to the header with.
此操作的结果是一个xml长字符串,它包含Inbox视图中的所有列。
By including a session cookie, the Domino server thinks that your script is actually a human user who recently logged in and is now accessing the database.
通过包含会话cookie,Domino服务器会将您的脚本视为最近登录过、现正访问数据库的实际人类用户。
When a user authenticates for the first time, the PHP application, after retrieving the session cookie, asks this agent for the location of the user's mail file.
用户首次进行身份验证时,PHP应用程序首先检索会话cookie,随后要求此代理提供用户邮件文件的位置。
Cookie poisoning is a technique known mainly for achieving impersonation and breach of privacy through manipulation of session cookies that maintain the identity of the client (or end user).
cookie篡改(cookiepoisoning)是一项主要以获取模拟和隐私权泄密著称的技术,通过维护客户(或终端用户)身份的会话信息操纵来实现的。
Cookie-based session affinity helps Web applications work with session information in an elegant and efficient fashion.
基于cookie的会话亲和性帮助Web应用程序高效优雅地处理会话信息。
An identifier for the user or session is stored in a cookie and read on every request.
特定用户或者会话的标识符被存储在一个cookie中,并且在每次请求时读取。
If you see a page displaying a cookie, then session hijacking of the user's account is possible.
如果您看到页面正在显示一个cookie,那么就可能发生用户帐号的会话攻击。
By reading the cookie value, the server can correlate a specific request with a specific session and with previous requests.
通过读取cookie值,服务器能够将特定的请求与特定的会话以及与以前的请求关联起来。
Once the session is created, it is assigned an ID that's stored on the client as a transient cookie.
一旦创建了会话,就为它分配一个标识,该标识作为瞬时cookie被存储在客户机上。
The fetching program can be left bare, or it can require some kind of user login, cookie, or session variable before it retrieves the file.
获取程序可以不采用安全措施,也可以要求提供某种用户登录、Cookie或会话变量才能检索这些文件。
If the JSP container detects a cookie storing the user's current session ID, no rewriting is necessary.
如果jsp容器检测到一个存储用户当前会话标识的cookie,那么就不必进行重写。
We can track the cached state of the client session by using a client cookie. Listing 1 puts it together
通过使用一个客户机cookie,我们可以跟踪客户机会话的缓存状态。
The initialize() function gropes through the DOM of the applet and its parent HTML document looking for an existing session ID in the form of a cookie, and disabling menus appropriately.
initialize()函数在 applet的DOM以及包含它的HTML文档中搜索前进,寻找用cookie形式保存的会话ID,并禁用适当的菜单。
The cookie contains a Lotus Mobile Connect-specific encrypted token and has the secure and session bits turned on.
该cookie包含一个LotusMobile Connect 特有的加密的令牌,并开启安全和会话位。
The passport ID is inserted in the cam_passport cookie, which is used to confirm that the user has successfully been authenticated in his or her current session before.
passportID被放在cam_passportcookie中,使用这个cookie检查用户在当前会话中是否已经成功地通过了身份验证。
By doing this, the session ID is included in the generated URL only if the user's browser has cookie handling turned off. Otherwise, the browser returns the URL unchanged, for example.
这样,只有当用户浏览器关闭了cookie处理,生成的URL中才会包含会话id。
A user accesses server a using a Web browser and obtains an authentication session (represented by an LTPA cookie in the browser).
某个用户使用Web浏览器访问服务器a并获得了一个身份验证会话(在浏览器中使用LTPACokie表示)。
There are other possible solutions like cookie session store (session size is limited, no sensible data in sessions), memcached (too much RAM when you have many sessions + no persistence).
还有其他的解决方案如cookie会话仓库(会话长度有限,不能在会话中存放敏感数据),memcached(无法持久化+难以实现高可用性方案)。
In this example, we deal with a still-popular (yet a bit outdated) application engine. This engine generates a single cookie for each new session.
在这个例子中,我们处理一个仍旧流行的(然而有些过时的)应用程序引擎。
In fact, you can take the value of the session ID cookie and set another cookie named BROWSERID when the user accesses the application for the first time.
实际上,当用户首次访问应用程序时,可以取得会话idcookie的值并设置另一个名为BROWSERID的cookie。
Instead, your programmers should store this information in the session layer of your Web application server or in a cookie.
程序员应该将这一信息存储在Web应用服务器的会话层或者cookie中。
应用推荐