WebApp Sec mailing list archives
Re: IIS session cookies
From: "Kevin Spett" <kspett () spidynamics com>
Date: Thu, 5 Dec 2002 19:34:15 -0500
What do you mean by "IIS session cookies"? Do you mean the ASPSESSIONID feature? And what do you mean by formed? Are you talking about the PRNG behind it, or how a developer can use them? Kevin Spett SPI Labs http://www.spidynamics.com/ ----- Original Message ----- From: "Cade Cairns" <cairnsc () securityfocus com> To: <webappsec () securityfocus com> Sent: Thursday, December 05, 2002 5:29 PM Subject: IIS session cookies
Hello webappsec, I'm looking for information on how IIS session cookies are formed (that is, what data they consist of or how they are encoded, etc.) Is anyone aware of any papers or resources on the subject? Thanks, Cade Cairns Symantec Corporation
Current thread:
- IIS session cookies Cade Cairns (Dec 05)
- Re: IIS session cookies Takayuki Nakamura (Dec 07)
- Re: IIS session cookies Kevin Spett (Dec 07)
- Re: IIS session cookies Cade Cairns (Dec 07)
- Re: IIS session cookies Kevin Spett (Dec 07)
- Re: IIS session cookies Cade Cairns (Dec 07)
- <Possible follow-ups>
- RE: IIS session cookies Michael Howard (Dec 07)
- Re: IIS session cookies securityarchitect (Dec 07)
- RE: IIS session cookies Forrest Lee Andrews (Dec 07)
- RE: IIS session cookies Kapila, Sai (Dec 08)