I was reading about XSS and I found out that checking the IP and user-agent is a good way to prevent cookie stealing. I tested that on SO and I found out SO doesn't log people out after changing their IP or user-agent, but when I copied ALL the headers and sent them to SO using another program, it logged me out. How can it detect that something is different when the IP and user-agent are not important and all the HTTP headers are the same?
SE, for example, uses a multi-step auth. SE saves a token, like a cookie, as offline data on a subdomain and sends that to the server, where the data is verified in some way. Then you get a temporary token that is sent to the login site, and you are logged in.
I hope that helps.
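To make the "temporary token" idea concrete from the defender's side, here is an added example (not Stack Exchange's real mechanism, and not code from either poster): a small in-memory session store that rotates a one-time token on every authenticated request and, optionally, binds the session to a hashed client fingerprint. The `SessionStore`, `fingerprint` helper, `bind_client` flag and all sample IP/user-agent values are constructed for illustration. It shows why a captured set of headers can stop working even when IP and user-agent are not checked: once the legitimate client or the copy has used a token, the other side is holding a stale one, and the server can treat the mismatch as replay and revoke the session.

```python
import hashlib
import hmac
import secrets

# Assumed per-process server secret used to key the client fingerprint (constructed).
SERVER_KEY = secrets.token_bytes(32)


def fingerprint(ip: str, user_agent: str) -> str:
    """Keyed hash of the client attributes a session may be bound to.

    Binding to IP + User-Agent is an assumption for this example; the
    question notes that SO tolerates changes to both, so binding is optional.
    """
    material = f"{ip}\n{user_agent}".encode()
    return hmac.new(SERVER_KEY, material, hashlib.sha256).hexdigest()


class SessionStore:
    """Sessions with a rotating one-time token and optional client binding."""

    def __init__(self, bind_client: bool = False):
        self.bind_client = bind_client
        self._sessions = {}  # session_id -> {"fp": str, "token": str}

    def login(self, ip: str, user_agent: str):
        """Create a session; returns (session_id, token) to set as cookies."""
        sid = secrets.token_urlsafe(32)
        token = secrets.token_urlsafe(32)
        self._sessions[sid] = {"fp": fingerprint(ip, user_agent), "token": token}
        return sid, token

    def validate(self, sid: str, token: str, ip: str, user_agent: str):
        """Check a request's cookies.

        On success the token is rotated and the new one is returned (the
        caller sets it as the new cookie). On failure None is returned and
        the session is revoked: a stale token means either the client changed
        or a captured token was replayed, so the legitimate user is logged
        out as well, which matches the behaviour described in the question.
        """
        sess = self._sessions.get(sid)
        if sess is None:
            return None
        token_ok = hmac.compare_digest(sess["token"], token)
        client_ok = True
        if self.bind_client:
            client_ok = hmac.compare_digest(sess["fp"], fingerprint(ip, user_agent))
        if not (token_ok and client_ok):
            del self._sessions[sid]
            return None
        new_token = secrets.token_urlsafe(32)
        sess["token"] = new_token
        return new_token


if __name__ == "__main__":
    # Constructed walk-through: browser logs in, a copy of the headers is
    # replayed from another program, and both end up logged out.
    store = SessionStore()
    sid, t1 = store.login("203.0.113.5", "Mozilla/5.0")
    t2 = store.validate(sid, t1, "203.0.113.5", "Mozilla/5.0")   # browser: ok, gets t2
    replay = store.validate(sid, t1, "203.0.113.5", "Mozilla/5.0")  # copy of t1: None
    browser_after = store.validate(sid, t2, "203.0.113.5", "Mozilla/5.0")  # None, revoked
    print("rotated:", t2 is not None, "replay:", replay, "browser:", browser_after)
```

The design choice worth noting is that rotation detects replay without caring about IP or User-Agent at all; the optional `bind_client` flag shows what the stricter check from the question would add, and why it logs out anyone whose address or browser string changes.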