We only keep session data on one of the boxes and to determine which box the data is on we do ( sessionId % 2 ) to discover where to read/write ...
By sending the session ID in hidden form fields, it becomes slightly difficult for the attacker to get the session ID. But the attacker can get the session ID by using a personal web proxy such as Achilles. The attacker can paste the stolen session ID in the URL and send a GET request to the server.
Noradavis
Share my Session Info(Picture