Session Fixation Vulnerability in Web Based Apps
James A. Donald
jamesd at echeque.com
Sat Jun 14 18:45:47 EDT 2003
--
On 14 Jun 2003 at 21:42, Ben Laurie wrote:
> The obvious answer is you always switch to a new session
> after login. Nothing cleverer is required, surely?
I had dreamed up some rathe complicated solutions.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
ocf99Mr7YN0oLlYWkZsE57yUHWMocE0Z+gK2yQOU
4RiX1d4bEHzLkunxq2FfwXmWFdySguhagGnZR4U7X
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list