|
WebApp Sec
mailing list archives
Re: IIS session cookies
From: Cade Cairns <cairnsc () securityfocus com>
Date: Fri, 6 Dec 2002 00:48:34 -0700 (MST)
I'm curious whether the ASPSESSIONID value generated is predictable and if
so, to what extent.
Cade Cairns
Symantec Corporation
On Thu, 5 Dec 2002, Kevin Spett wrote:
What do you mean by "IIS session cookies"? Do you mean the ASPSESSIONID
feature? And what do you mean by formed? Are you talking about the PRNG
behind it, or how a developer can use them?
Kevin Spett
SPI Labs
http://www.spidynamics.com/
----- Original Message -----
From: "Cade Cairns" <cairnsc () securityfocus com>
To: <webappsec () securityfocus com>
Sent: Thursday, December 05, 2002 5:29 PM
Subject: IIS session cookies
Hello webappsec,
I'm looking for information on how IIS session cookies are formed (that
is, what data they consist of or how they are encoded, etc.) Is anyone
aware of any papers or resources on the subject?
Thanks,
Cade Cairns
Symantec Corporation
 By Date 
By Thread
Current thread:
|
Intro
