WebApp Sec mailing list archives
RE: Web site cookie overload?
From: "Richard M. Smith" <rms () computerbytesman com>
Date: Mon, 24 Jan 2005 14:53:56 -0500
I'm not sure how relavent assigning new cookie values would be. I think what matters is how long a Web site keeps information in its back-end database associated with a particular cookie value and how much data is associated with a cookie value. Do Web sites typically age out data associated with inactive cookies? If so, how long do they wait before throwing away data associated with a cookie value? Richard -----Original Message----- From: Griffiths, Ian [mailto:ian.griffiths () liv-coll ac uk] Sent: Monday, January 24, 2005 5:02 AM To: webappsec () securityfocus com Subject: Re: Web site cookie overload? A lot of the apps that I have seen re-write the cookie anyway to maintain a 'last active' type date, and I don't think it would make much difference to the server if the cookie still exists and is over-written or is new. Ian ----- Original Message ----- From: "Nick" <nseward () cscn com> To: <webappsec () securityfocus com> Sent: Wednesday, January 19, 2005 8:26 AM Subject: Re: Web site cookie overload? On January 18, 2005 02:59 am, Richard M. Smith wrote:
What I am wondering is what will happen at high volume Web sites if a lot of folks started running the same cookie tosser that I am using. Will Web sites start breaking down because of an overload of cookies being assign
to
too many unique visitors?
Current thread:
- Web site cookie overload? Richard M. Smith (Jan 19)
- Re: Web site cookie overload? Nick (Jan 23)
- Re: Web site cookie overload? Griffiths, Ian (Jan 24)
- RE: Web site cookie overload? Richard M. Smith (Jan 24)
- Re: Web site cookie overload? Alexander Klimov (Jan 27)
- Re: Web site cookie overload? Nick Seward (Jan 27)
- Re: Web site cookie overload? Alexander Klimov (Jan 27)
- Re: Web site cookie overload? Griffiths, Ian (Jan 24)
- Re: Web site cookie overload? Nick (Jan 23)