WebApp Sec: Re: Session Fixation

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

WebApp Sec mailing list archives

Re: Session Fixation

From: "Matt Fisher" <mattfisher () comcast net>
Date: Tue, 1 Apr 2003 13:33:36 -0500

http://www.computerbytesman.com/privacy/supercookie.htm



----- Original Message -----
From: "Douglas Schlenker" <Douglas.Schlenker () RoyalRoads ca>
To: <webappsec () fishnet co uk>; <webappsec () securityfocus com>
Sent: Tuesday, April 01, 2003 12:17 PM
Subject: RE: Session Fixation

Ok, I'm going to bite... can you explain what IE's ^Super Cookie^ is? I've
never heard of this reference before and I'm quite interested.

douglas

Hi,

Has anyone put the Internet Explorer ^Super Cookie^ to use ?

For the particular app I am working on, I can guarantee that all the
user are connecting with IE over ssl.  Plus they all (mainly) go
through a router from the same LAN, thus appear to have the same IP.

I am currently logging the super cookie to try and determine if it
really is unique enough.

Regards

Ian
--

By Date By Thread

Current thread:

Re: Session Fixation Ian (Apr 01)
- Re: Session Fixation Fred van Engen (Apr 01)
- <Possible follow-ups>
- RE: Session Fixation Douglas Schlenker (Apr 01)
  - Re: Session Fixation Matt Fisher (Apr 01)
    - Re: Session Fixation Alex Russell (Apr 01)
  - RE: Session Fixation Cyrill Osterwalder (Apr 01)