Author Topic: PHPSESSID (Read 3925 times)

ivica · « **on:** August 31, 2020, 06:32:29 PM »

Do you see PHPSESSID section in ASIF links?
Like this for "The 2020 melting season":
https://forum.arctic-sea-ice.net/index.php/topic,3017.msg284185/topicseen.html?PHPSESSID=9875f3ad0b4e46eb75398c1a90ba6deb#msg284185

Applies to EU members only?
Not UK?
Recently introduced.

Edit:
https://duckduckgo.com/?q=phpsessid&ia=web
https://stackoverflow.com/questions/1370951/what-is-phpsessid

?

oren · « **Reply #1 on:** August 31, 2020, 08:06:52 PM »

I don't. Not EU though.
Maybe try different browsers?

kassy · « **Reply #2 on:** August 31, 2020, 08:17:44 PM »

Not either (EU). Might be a forum hiccup?

ivica · « **Reply #3 on:** August 31, 2020, 08:24:14 PM »

Thanks for the feedback info, folks.

I do not see it browser dependent, but maybe IP address dependent because using Tor and playing with "Tor circuit" that can be avoided sometimes.

more info:

see also "Topic: Forum authentication broken"
https://forum.arctic-sea-ice.net/index.php/topic,2767.msg207703.html#msg207703

Noticed it first a few months ago, feature goes on and off, persistent for a few hours, like something being under test..

Steven · « **Reply #4 on:** August 31, 2020, 08:58:40 PM »

Quote from: ivica on August 31, 2020, 06:32:29 PM

Do you see PHPSESSID section in ASIF links?

It's probably because you disabled cookies. If I disable third-party cookies in Chrome, then I also get the phpsessid query parameter. It disappears when I enable cookies.

https://stackoverflow.com/a/1370974

ivica · « **Reply #5 on:** August 31, 2020, 09:14:47 PM »

Steven, cookies are not blocked in Edge browser but the issue remains.

#paths/tor_circuits for Tor browser which are issue free seems to decreases over time (a few months).

ivica · « **Reply #6 on:** September 01, 2020, 12:38:17 AM »

Thank you all! Since no one else confirms it, it must be an issue with the PC in use here.

Anyway, let me report current situation:
behaviour of it is not consistent, a way to recreate the issue is:
   open browser,
   open Forum page,    (issue present)
   refresh the page.   (no issue)

Forum pages used:
ASIF:   https://forum.arctic-sea-ice.net/
SMCF:    https://www.simplemachines.org/community/index.php
SPF:    http://www.sciphysicsforums.com/spfbb1/

ASIF appears more vulnerable to the issue then the other 2 forums under test, overall - the issue shows up more often on Tor browser then on Edge browser.

The issue examples (ASIF uses "PHPSESSID", SMCF uses "P", SPF uses "sid"):
Recent Posts: https://forum.arctic-sea-ice.net/index.php?PHPSESSID=cfa14b8979522d8480791646cc6e6d80&action=recent
Recent Posts: https://www.simplemachines.org/community/index.php?P=833d8decb1dfe48cde059af6556931a7&action=recent
SPF example : http://www.sciphysicsforums.com/spfbb1/viewforum.php?f=6&sid=5e2c9f2e5cf2c639920049a9884b322d

nanning · « **Reply #7 on:** September 01, 2020, 07:36:33 AM »

From: https://en.wikipedia.org/wiki/Session_ID

As session IDs are often used to identify a user that has logged into a website, they can be used by an attacker to hijack the session and obtain potential privileges. A session ID is usually a randomly generated string to decrease the probability of obtaining a valid one by means of a brute-force search. Many servers perform additional verification of the client, in case the attacker has obtained the session ID. Locking a session ID to the client's IP address is a simple and effective measure as long as the attacker cannot connect to the server from the same address, but can conversely cause problems for a client if the client has multiple routes to the server (e.g. redundant internet connections) and the client's IP address undergoes Network Address Translation.

Examples of the names that some programming languages use when naming their cookie include JSESSIONID (Java EE), PHPSESSID (PHP), and ASPSESSIONID (Microsoft ASP).

ivica · « **Reply #8 on:** September 01, 2020, 09:20:13 AM »

nanning, to increase fun from it

a malicious activity has been considered but have no observation to support it, yet.
Disabling cookies as per Steven's suggestion makes the issue persistent.

nanning · « **Reply #9 on:** September 01, 2020, 10:37:37 AM »

I don't think it was malicious activity ivica.
But someone else who has your active PHPSESSID and the domain, may be able to get into your session (being you) while it is still active if there are no other safeguards. I am no expert in this. My programming days were more than a decade ago.

The wiki info explains a bit what the meaning is of the Session_id (PHPSESSID in PHP script).
Nice that you have solved it with Steven's advice.

FYI
I have all cookies on but they are all deleted when I close my browser (firefox on gnu/linux gnome2).
It is the safest way imo. The drawback is having to login with your credentials everytime you start the browser, and clicking away all the cookie warnings. It is tedious but becomes routine quickly. I have the login passwords encrypted in .7z files so I don't have to remember the password, just a much easier one because there is no way to get to that password file via Internet in normal circumstances. My computer needs to be broken in to for that to happen.

ivica · « **Reply #10 on:** September 01, 2020, 11:10:30 AM »

Thanks for the heads-up,
the issue is declared as a minor one for now. Planned activities will stress this PC system much more soon so time will tell. My case closed.
Thank you all!

News:

Author Topic: PHPSESSID (Read 3925 times)

ivica

PHPSESSID

oren

Re: PHPSESSID

kassy

Re: PHPSESSID

ivica

Re: PHPSESSID

Steven

Re: PHPSESSID

ivica

Re: PHPSESSID

ivica

Re: PHPSESSID

nanning

Re: PHPSESSID

ivica

Re: PHPSESSID

nanning

Re: PHPSESSID

ivica

Re: PHPSESSID