[13635] in cryptography@c2.net mail archive


Re: Session Fixation Vulnerability in Web Based Apps

daemon@ATHENA.MIT.EDU (James A. Donald)
Sat Jun 14 19:44:00 2003

X-Original-To: cryptography@metzdowd.com
Date: Sat, 14 Jun 2003 15:45:47 -0700
From: "James A. Donald" <jamesd@echeque.com>
In-reply-to: <3EEB88CF.2040000@algroup.co.uk>
To: Ben Laurie <ben@algroup.co.uk>
Cc: cryptography@metzdowd.com

    --
On 14 Jun 2003 at 21:42, Ben Laurie wrote:
> The obvious answer is you always switch to a new session
> after login. Nothing cleverer is required, surely?

I had dreamed up some rather complicated solutions.


    --digsig
         James A. Donald
     6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
     ocf99Mr7YN0oLlYWkZsE57yUHWMocE0Z+gK2yQOU
     4RiX1d4bEHzLkunxq2FfwXmWFdySguhagGnZR4U7X


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
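
The fix quoted in the message above (switch to a new session after login), as an added example that is not part of the original post: a constructed in-memory session store in Python whose two login methods show the weak pattern beside the corrected one. The class and function names are hypothetical.

```python
import secrets


class SessionStore:
    """Minimal server-side session table, constructed for this example."""

    def __init__(self):
        self._sessions = {}

    def create(self):
        # Anonymous session handed out before authentication.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": None}
        return sid

    def get(self, sid):
        return self._sessions.get(sid)

    def login_keep_id(self, sid, user):
        # Weak pattern: the pre-login identifier is promoted in place,
        # so anyone who knew it before login now holds a logged-in session.
        self._sessions[sid]["user"] = user
        return sid

    def login_rotate_id(self, sid, user):
        # Corrected pattern: invalidate the old identifier and issue a
        # fresh one at login, carrying over any pre-login state.
        data = self._sessions.pop(sid, {})
        data["user"] = user
        new_sid = secrets.token_urlsafe(32)
        self._sessions[new_sid] = data
        return new_sid


def known_id_is_authenticated(login_method_name):
    """True if an identifier known before login is authenticated afterwards."""
    store = SessionStore()
    pre_login_sid = store.create()
    login = getattr(store, login_method_name)
    post_login_sid = login(pre_login_sid, "alice")  # constructed user name
    if store.get(post_login_sid)["user"] != "alice":
        raise RuntimeError("login did not authenticate the returned session")
    old = store.get(pre_login_sid)
    return old is not None and old["user"] is not None


if __name__ == "__main__":
    print("keep id  :", known_id_is_authenticated("login_keep_id"))
    print("rotate id:", known_id_is_authenticated("login_rotate_id"))
```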
