3.2.2.Session & Cookie

Last updated 5 years ago

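  • Overview

    • Because HTTP is stateless, when a server needs to remember information about a client, the usual approach is to use a Session or a Cookie

  • Cookie

    • When the server wants the client to remember some information, it sends a cookie to the client; the information is carried in the HTTP header

    • On the client side, this information is stored in the browser

  • Session (referenced from)

    • A session, by contrast, is stored on the server side

    • The server first sends a session ID to the client, and the client stores the session ID in a cookie

    • When the client sends its next request, the server first checks whether the request carries a session ID; the server holds the matching session ID and uses it to identify the data stored for each user

  • Session attacks

    • Because a session ID works like an identity card, if a hacker steals the session ID from the cookie, the user's identity is effectively impersonated

    • Attack techniques

      • Guessing the session ID (Session Prediction)

      • Stealing the session ID (Session Hijacking)

      • Fixing the session ID (Session Fixation)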

戴夫寇爾 (DEVCORE)
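The session flow described above, with one server-side countermeasure for each of the three listed attacks, as an added example that is not part of the original page. The cookie name `sid`, the in-memory `SESSIONS` store and all function names are assumptions made for illustration.

```python
import secrets
from http.cookies import SimpleCookie

SESSIONS = {}  # server-side store (assumed in-memory): session ID -> user data

def new_session_id():
    # 32 bytes from the OS CSPRNG, so the ID cannot be guessed (Session Prediction)
    return secrets.token_urlsafe(32)

def parse_session_id(cookie_header):
    """Extract the session ID from a request's Cookie header, if present."""
    cookie = SimpleCookie()
    cookie.load(cookie_header or "")
    morsel = cookie.get("sid")
    return morsel.value if morsel else None

def get_session(cookie_header):
    """Return (sid, data). An ID the server never issued is not adopted."""
    sid = parse_session_id(cookie_header)
    if sid not in SESSIONS:
        sid = new_session_id()
        SESSIONS[sid] = {}
    return sid, SESSIONS[sid]

def login(old_sid, user):
    """Rotate the ID when the user authenticates, so an ID known before
    login stops being valid afterwards (Session Fixation)."""
    data = SESSIONS.pop(old_sid, {})
    data["user"] = user
    sid = new_session_id()
    SESSIONS[sid] = data
    return sid

def set_cookie_header(sid):
    """Build the Set-Cookie value with attributes that make the ID
    harder to steal from the browser or the wire (Session Hijacking)."""
    cookie = SimpleCookie()
    cookie["sid"] = sid
    cookie["sid"]["httponly"] = True   # not readable by page scripts
    cookie["sid"]["secure"] = True     # only sent over HTTPS
    cookie["sid"]["samesite"] = "Lax"  # not sent on cross-site subrequests
    cookie["sid"]["path"] = "/"
    return cookie["sid"].OutputString()
```
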