Category Archives: HTTP Concepts

How to use Telnet

TL;DR; Telnet is a network protocol that allows a user on one computer to log into another computer that is part of the same network.

Telnet is a text based application, often used at the command line of an operating system. Most importantly it uses the Telnet protocol (which is part of the TCP/IP protocol suite) to connect to a remote computer over a network. Keep in mind, telnet is an external command, which is available in certain microsoft operating systems as telent.exe. Running the telnet application requires different set of commands on different operating systems.

telnet
how telnet works

Example:

prompt$ telnet kumar.swatantra.info 23

Usage:

# telnet [host [port]]
telnet servername-or-ip [port-number]

Ports are specific gateways for Internet traffic to travel over. It’s similar to a large hallway with many doors leading outside. If a door is locked, you cannot access the outside world.

Telnet syntax

telnet [host [port]]

host Specifies the hostname or IP address of the remote computer.
port Specifies the port number or service name.

Commands available through the actual telnet program:

close Close current connection.
display Display operating parameters.
open Connect to a site.
quit Exit telnet.
set Set options (Type ‘set ?’ for a list).

NTLM Turn ON NTLM Authentication.
LOCAL_ECHO Turn ON LOCAL_ECHO.
TERM x (where x is ANSI, VT100, VT52, or VTNT)
CRLF Send both CR and LF
status Print status information.
unset Unset options (Type ‘unset ?’ for a list).

NTLM Turn OFF NTLM Authentication.
LOCAL_ECHO Turn OFF LOCAL_ECHO.
CRLF Send only CR (no LF is sent)
?/help Print help information.

Linux

  1. Open the your terminal application
  2. At the shell prompt, type: telnet exampleserver.com 23
  3. On a normal Unix machine the port is just the second argument on the command line.

Windows

  1. Click the start button
  2. Choose “run” from the start menu
  3. Type “cmd.exe” in to the run box
  4. At the cmd prompt, type: telnet exampleserver.com 23

Mac OS X

  1. Open the Applications menu or folder
  2. Select the Utilities folder
  3. Start the Terminal.app application
  4. At the shell prompt, type: telnet exampleserver.com 23
'Coz sharing is caring

How does remember me differ from session timeout

So what would a remember me bring to the party?

What’s important to distinguish here is the difference between a “session cookie” and a “remember me cookie”.

Since HTTP is a stateless protocol, a session cookie is used to tie several requests to a single user. Without it, every single request to your webserver is completely unrelated to every other request. Can you imagine writing applications without sessions? Every request is completely empty, no logins, no session variables..every request is an unknown user! This basically means no web applications!

Now, important thing here is to realise that you absolutely don’t want your session to last 24 hours! In my book, this is a very big no-no. The shorter your session is, the safer it is (at least theoretically). Why? Because a session can be hijacked! The longer your session is around, the more chance it has of being hijacked.

For example, imagine a banking application. Also, imagine your user is accessing it on a public PC (our user is not the brightest). So he’s managing his account or whatever..and his phone rings. Being an idiot, he takes the call and leaves, without logging out. Do you want your session to expire in 5 minutes, 15 minutes, or 24 hours? Don’t know about you, but for something as critical as online banking, I want that session gone ASAP.

Moving on to the “remember me” part.

So session cookie “connects” multiple requests in a single session, what does the “remember me” cookie do? In simple terms: it ties multiple sessions to a single user.

You want your site to be easy and pleasant to use, and logging in is almost never pleasant. It’s just an annoying thing you have to do every time before doing that thing you really want to do. A remember me cookie removes that annoyance.

You log in once, check the box, and now you’re always logged in on that PC. This is why you should never use “remember me” feature while on a shared PC, because the next person will have your identity. Legitimately. This is why remember me cookies are also a security risk, they can be hijacked much like the session cookie.

Finally, there is one crucial difference between a session cookie and a remember me cookie: expiration. Session cookies normally expire when you close your browser (or after a time you’ve specified explicitly), whereas remember me cookies typically last for much longer.

'Coz sharing is caring