Gorilla web toolkit
How do I prevent unlimited sessions files from being generated? #43
Unanswered
dreams-money
asked this question in
Q&A
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Hello all,
First, thank you for making and maintaining such a helpful set of packages. In particular, the session package. I can't image a modern website without sessions.
Gratitude expressed, I was wondering if there's been any thought or prevention method toward what I'm dubbing as an "unlimited file sessions" attack.
I.e. If I delete the session cookie from my browser, then reload a web page - a new session file is generated on a server.
What's preventing a loop from being written that would repeat the above process until a system disk was filled?
Beta Was this translation helpful? Give feedback.
All reactions