WebApp Sec mailing list archives
Re: Cookie not expiring...
From: Thomas Chiverton <thomas.chiverton () bluefinger com>
Date: Wed, 17 Aug 2005 09:28:55 +0100
On Tuesday 16 August 2005 18:08, spawn security wrote:
FormsAuthentication.SignOut method works by returning a Set-Cookie
I would hope sesssion.Abandon() kills the server side session too. Have you tried stealing the cookie ? -- Tom Chiverton Advanced ColdFusion Programmer
Current thread:
- Cookie not expiring... spawn security (Aug 16)
- Re: Cookie not expiring... bryan allott (Aug 17)
- RE: Cookie not expiring... Dan Simon (Aug 17)
- Re: Cookie not expiring... Rogan Dawes (Aug 17)
- Re: Cookie not expiring... Thomas Chiverton (Aug 17)
- <Possible follow-ups>
- RE: Cookie not expiring... Steven Rebello (Aug 17)
- RE: Cookie not expiring... David Knapman (Aug 17)
- Re: Cookie not expiring... dharmeshmm (Aug 17)
- RE: Cookie not expiring... Dan Simon (Aug 17)
- Windows 2003 Server Hardening Joe Osborn (Aug 18)
- Re: Windows 2003 Server Hardening jcarr083 (Aug 19)
- RE: Windows 2003 Server Hardening Sarbjit Singh Gill (Aug 19)
- RE: Windows 2003 Server Hardening Aleksander P. Czarnowski (Aug 19)
- RE: Cookie not expiring... Dan Simon (Aug 17)
- Re: Cookie not expiring... bryan allott (Aug 17)