Home page logo

webappsec logo WebApp Sec mailing list archives

Re: improvements in session management?
From: dd <dd () ghettohackers net>
Date: Thu, 01 Apr 2004 13:45:22 -0800

Michael Ströder wrote:

dd wrote:

This could include checking things like user agent, acceptable languages, but better by adding data that changes on each request via cookie, form field, etc (call this the SINGLEUSEID).

I see some problems with the usability (browser's back-button and concurrent HTTP requests for images) when implementing session IDs which are only valid for the next hit.

For the use of a querystring or forms variable, yes. However in the case of a cookie things should work fine, even with back button since the new cookie will be transfered.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]