WebApp Sec: Re: improvements in session management?

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

WebApp Sec mailing list archives

Re: improvements in session management?

From: Michael Ströder <michael () stroeder com>
Date: Thu, 01 Apr 2004 09:23:38 +0200

dd wrote:

This could include checking things like user agent,acceptable languages, but better by adding data that changes on eachrequest via cookie, form field, etc (call this the SINGLEUSEID).

I see some problems with the usability (browser's back-button and concurrentHTTP requests for images) when implementing session IDs which are only validfor the next hit.


Ciao, Michael.

By Date By Thread

Current thread:

Re: improvements in session management? dd (Mar 31)
- Re: improvements in session management? Michael Ströder (Apr 01)
  - Re: improvements in session management? dd (Apr 01)
- RE: improvements in session management? WebAppSecurity [Technicalinfo.net] (Apr 01)
  - Re: improvements in session management? Michael Ströder (Apr 01)
    - Re: improvements in session management? Michael Ströder (Apr 01)
    - Re: improvements in session management? dd (Apr 01)