LESSON6-COOKIES&ACCESSCONTROL Flashcards

1
Q

are small pieces of data stored on the client’s browser, used to
remember information between requests.

A

Cookies

2
Q

cookies are managed using the ______ function

A

setcookie()

3
Q

allows developers to store user preferences, session identifiers, and other data that need to persist across different pages or visits.

A

Cookies

4
Q

an attack that forces authenticated users to submit a request to a Web application against which they are currently authenticated.

A

Cross-site Request Forgery Attacks

5
Q

exploits a vulnerability in a web application if it cannot differentiate between a request generated by an individual user and a request generated by a user without their consent

A

Cross-site Request Forgery Attacks

6
Q

is a critical aspect of web application security, determining what resources a user can access and what operations they can perform.

A

Access Control

7
Q

are typically implemented using sessions, user authentication, and role-based authorization mechanisms.

A

Access Control

8
Q

are used to maintain user state and data across multiple pages.

A

Sessions

9
Q

This is achieved through the ______ function, which initializes a session or resumes the current one based on a session identifier passed via a cookie or URL.

A

session_start()

10
Q

Implementing _______ in PHP involves verifying user credentials (such as username and password) against stored data.

A

User Authentication

11
Q

This involves defining roles (e.g., admin, editor, viewer) and assigning permissions to these roles.

A

Role-Based Access Control (RBAC)

12
Q

PHP frameworks like

A

Laravel, Symfony, and CodeIgniter

13
Q

are essential for maintaining state information between web pages and user sessions.

A

Cookies

14
Q

To set a cookie in PHP, you use the ______ function. This function should be called before any output is sent to the browser, as it modifies the HTTP headers.

A

setcookie()

15
Q

setting cookie syntax

A
setcookie(name, value, expire, path, domain, secure, httponly);

name: The name of the cookie.
value: The value of the cookie.
expire: The expiration time of the cookie in Unix timestamp format.
path: The path on the server where the cookie is available.
domain: The domain where the cookie is available.
secure: If true, the cookie is only sent over HTTPS.
httponly: If true, the cookie is accessible only through the HTTP protocol, not via JavaScript; prevents client-side scripts from accessing data

16
Q

Accessing a cookie is done through the ____ global variable in PHP. Each cookie set by the server can be retrieved by referencing its name in this array.

A

$_COOKIE

17
Q

To delete a cookie, you set it with an expiration date in the past. This effectively removes the cookie from the client’s browser.

A

setcookie("user", "", time() - 3600, "/");
“this is equivalent to 1hr”

18
Q

is a method to ensure that users are who they claim to be by verifying their credentials, typically a username and password.

A

HTTP Authentication

19
Q

PHP provides functions like password_hash() to create a secure hash of a password. This function uses strong, one-way hashing algorithms and includes built-in salting and stretching (adding computational work to slow down brute-force attacks).

A

Hashing

20
Q

PHP provides functions like _______ to create a secure hash of a password.

A

password_hash()

21
Q

function hashes the plaintext password using a secure one-way hashing algorithm.

A

password_hash()

22
Q

is a constant parameter that uses the strongest algorithm currently available.

A

PASSWORD_DEFAULT

23
Q

involves adding a random value (the salt) to a password before hashing it. This prevents attackers from using precomputed tables (rainbow tables) to crack the hashes.

A

Salting

24
Q

PHP’s _______() function automatically generates a salt and includes it in the resulting hash.

A

password_hash()

25
Q

When a user attempts to log in, the stored hash must be compared to the hash of the provided password. This is done using the _______ function.

A

password_verify()

26
Q

in PHP are used to store and manage user data across multiple pages, providing a way to maintain state information between HTTP requests. This is essential for creating a seamless user experience in web applications.

A

Sessions

27
Q

To start a session in PHP, you use the _______ function. This function initializes a new session or resumes an existing one. It must be called at the beginning of your script before any output is sent to the browser.

A

session_start()

28
Q

______ are used to store information to be used across multiple pages. These are used to let the web server know “who you are and what you do”.

A

Session variables

29
Q

destroys all of the data associated with the current session; it destroys the whole session rather than destroying the variables

A

Session Destroy
session_destroy()

30
Q

deletes only the variables from the session and the session still exists.

A

Session Unset
session_unset()

31
Q

is crucial to prevent attacks like session hijacking and fixation. Some key practices include regenerating session IDs, using secure cookies, and validating session data.

A

Session Security

32
Q

the malicious act of taking control of a user’s web session

A

Session Hijacking

33
Q

an attack where an attacker gets the user to log in to an application using a specific session ID. When the user logs in to a web application using that ID, the attacker knows the victim’s valid session ID and can use it to access the user’s account.

A

Session Fixation

34
Q

the address people type into a web browser when using the internet

A

Domain

35
Q

an attack in which an attacker injects malicious executable scripts into the code of a trusted application or website

A

Cross-site Scripting Attack (XSS)