WebApp Sec: RE: Session Fixation

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

WebApp Sec mailing list archives

RE: Session Fixation

From: Douglas Schlenker <Douglas.Schlenker () RoyalRoads ca>
Date: Tue, 1 Apr 2003 09:17:38 -0800

Ok, I'm going to bite... can you explain what IE's ^Super Cookie^ is? I've
never heard of this reference before and I'm quite interested.

douglas

Hi,

Has anyone put the Internet Explorer ^Super Cookie^ to use ?

For the particular app I am working on, I can guarantee that all the 
user are connecting with IE over ssl.  Plus they all (mainly) go 
through a router from the same LAN, thus appear to have the same IP.

I am currently logging the super cookie to try and determine if it 
really is unique enough.

Regards

Ian
--

By Date By Thread

Current thread:

Re: Session Fixation Ian (Apr 01)
- Re: Session Fixation Fred van Engen (Apr 01)
- <Possible follow-ups>
- RE: Session Fixation Douglas Schlenker (Apr 01)
  - Re: Session Fixation Matt Fisher (Apr 01)
    - Re: Session Fixation Alex Russell (Apr 01)
  - RE: Session Fixation Cyrill Osterwalder (Apr 01)