Session Fixation Vulnerability in Web Based Apps

James A. Donald jamesd at echeque.com
Sat Jun 14 18:45:47 EDT 2003


    --
On 14 Jun 2003 at 21:42, Ben Laurie wrote:
> The obvious answer is you always switch to a new session
> after login. Nothing cleverer is required, surely?

I had dreamed up some rather complicated solutions.


    --digsig
         James A. Donald
     6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
     ocf99Mr7YN0oLlYWkZsE57yUHWMocE0Z+gK2yQOU
     4RiX1d4bEHzLkunxq2FfwXmWFdySguhagGnZR4U7X
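
The fix described in the quoted text, switching to a new session after login, shown as an added example that is not part of the original message. The `SessionStore` class, its method names and the user name are hypothetical, and the store is an in-memory stand-in for a real server-side session table.

```python
import secrets


class SessionStore:
    """In-memory server-side session table (constructed for illustration)."""

    def __init__(self, rotate_on_login=True):
        self.rotate_on_login = rotate_on_login
        self.sessions = {}  # session id -> {"user": name or None}

    def start(self, presented_sid=None):
        """Return the session id for a request, creating an anonymous
        session if needed. Ids the server never issued are not adopted."""
        if presented_sid in self.sessions:
            return presented_sid
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = {"user": None}
        return sid

    def login(self, sid, user):
        """Mark the session authenticated (credentials already checked)."""
        if self.rotate_on_login:
            # Retire the pre-login id so any copy held elsewhere stops working.
            state = self.sessions.pop(sid)
            sid = secrets.token_urlsafe(32)
            self.sessions[sid] = state
        self.sessions[sid]["user"] = user
        return sid

    def whoami(self, sid):
        session = self.sessions.get(sid)
        return session["user"] if session else None


def fixation_outcome(rotate):
    """Replay the scenario: a pre-login id is known to a third party, the
    victim logs in on it, then the old id is presented again."""
    store = SessionStore(rotate_on_login=rotate)
    known_sid = store.start()            # id issued before login
    victim_sid = store.start(known_sid)  # victim's browser carries the same id
    victim_sid = store.login(victim_sid, "alice")
    # What the old id resolves to, and what the victim's current id resolves to.
    return store.whoami(known_sid), store.whoami(victim_sid)


if __name__ == "__main__":
    print("no rotation:", fixation_outcome(False))
    print("rotation:   ", fixation_outcome(True))
```
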


---------------------------------------------------------------------
The Cryptography Mailing List