Hey Coders!
This is to inform you all that session hijacking is possible in both CodeChef and SPOJ. Though it’s sad to see that platforms like CodeChef have such security issues, in order to prevent session hijacking, you are requested to log out as soon as you are leaving the page. This will destroy the session on the server and hence session hijacking will be prevented.
To check the proof of this, you can follow the steps below:
- Install a cookie manager, so that you can edit the cookie values, e.g. EditThisCookie, a Chrome extension for cookie management.
- Log in to your CodeChef account in one browser.
- Open an incognito window and load codechef.com [Don’t log in here].
- Copy the cookie value from the logged-in browser using the JavaScript console. The name of the cookie must start with SESS.
- Paste this value into the incognito window's cookie whose value starts with SESS. You have to use the previously installed extension in order to edit the cookie.
- Reload the page. You will be logged in.
You can use the same procedure to log in to SPOJ, but the name of the cookie is SPOJ there.
NOTE: Despite the fact that I mailed this issue to CodeChef 2 days back, they don’t care about it. So it’s up to you now to protect yourself.
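
The mitigation described in the post (logging out destroys the session on the server, so a copied cookie value stops working), as an added example that is not part of the original post or either site's code: a minimal in-memory session store in Python. The names `SessionStore` and `SESSdemo` and the 15-minute idle timeout are assumptions made for illustration.

```python
import secrets
import time

IDLE_TIMEOUT = 15 * 60  # seconds; constructed value for this example


class SessionStore:
    """Minimal in-memory server-side session table (hypothetical, for illustration)."""

    def __init__(self, now=time.time):
        self._sessions = {}  # session id -> (username, last_seen)
        self._now = now

    def login(self, username):
        """Create a session and return (session_id, Set-Cookie header value)."""
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = (username, self._now())
        # HttpOnly keeps the value out of document.cookie; Secure keeps it off
        # plain HTTP; SameSite limits cross-site sends.
        cookie = f"SESSdemo={sid}; Path=/; HttpOnly; Secure; SameSite=Lax"
        return sid, cookie

    def validate(self, sid):
        """Return the username for a live session, or None."""
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        username, last_seen = entry
        if self._now() - last_seen > IDLE_TIMEOUT:
            del self._sessions[sid]  # idle sessions expire on their own
            return None
        self._sessions[sid] = (username, self._now())
        return username

    def logout(self, sid):
        """Destroy the session server-side; clearing the browser cookie alone is not enough."""
        self._sessions.pop(sid, None)


def replay_demo():
    """Present the same cookie value from a 'second browser' before and after logout."""
    store = SessionStore()
    sid, _cookie = store.login("alice")
    copied = sid                      # value pasted into another browser
    before = store.validate(copied)   # accepted: the id is a bearer token
    store.logout(sid)                 # owner logs out in the first browser
    after = store.validate(copied)    # rejected: no server-side record left
    return before, after
```

The idle timeout covers the case where the user never logs out: a copied value is only usable while the server still holds a live record for it.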