Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

WebApp Sec: Re: improvements in session management?

Re: improvements in session management?

From: Michael Ströder <michael_at_stroeder.com>
Date: Thu, 01 Apr 2004 09:23:38 +0200

dd wrote:
>
> This could include checking things like user agent,
> acceptable languages, but better by adding data that changes on each
> request via cookie, form field, etc (call this the SINGLEUSEID).

I see some problems with the usability (browser's back-button and concurrent
HTTP requests for images) when implementing session IDs which are only valid
for the next hit.

Ciao, Michael.
Received on Apr 01 2004

This message: [ Message body ]
Next message: Kevin Vanhaelen: "Re: Evading Client-Certificate Authentication"
Previous message: Michael Ströder: "Re: improvements in session management?"
In reply to: dd: "Re: improvements in session management?"
Next in thread: dd: "Re: improvements in session management?"
Reply: dd: "Re: improvements in session management?"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]