|
WebApp Sec
mailing list archives
Re: Encrypted URL
From: "Brecrost Jones" <brecrost () hotmail com>
Date: Mon, 02 Feb 2004 09:25:45 -0700
Hey Erik,
We have this problem with our apps. It appears that MSIE, depending on how
its installed, will sometimes share session cookies between browsers,
causing what you describe below. Other times it will not share those
session cookies, effectively allowing multiple browser windows to access a
single app and differentiate between them.
Unfortunately, this appears to be an option at installation and I don't
know
if it can be changed on the fly through registry settings or preferences.
If it can be changed it would save me a lot of headaches with end users and
QA. ;-)
I believe the behaviour you are describing is determined by whether you have
multiple IE windows, or multiple instances of IE running. If you start IE,
and hit ctrl-n or go File-->New-->Window, you get a new browser window, and
session cookies are shared between the new windows. However, if you start
IE, e.g. by double-clicking a shortcut, and then double-click the shortcut
again, you have two instances of IE running and session cookies are not
shared between them.
I'm not sure, but maybe this will help with your headaches?
_________________________________________________________________
STOP MORE SPAM with the new MSN 8 and get 2 months FREE*
http://join.msn.com/?page=dept/bcomm&pgmarket=en-ca&RU=http%3a%2f%2fjoin.msn.com%2f%3fpage%3dmisc%2fspecialoffers%26pgmarket%3den-ca
 By Date 
By Thread
Current thread:
- RE: Encrypted URL, (continued)
|
Intro
