WebApp Sec mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Cookies as the second factor

From: "Jeff Robertson" <jeff.robertson () digitalinsight com>
Date: Tue, 18 Jul 2006 13:01:20 -0400
-----Original Message-----
From: Ryan Barnett [mailto:rcbarnett () gmail com] 

I think we are mixing persistent/session cookie concepts 
here.  I believe that the scenario that Jeff was trying to 
describe (and please correct me Jeff if I am wrong here) is 
if you use both a password and a persistent cookie to 
initially log into an appliaction and then the app can issue 
whatever sesisonid cookies it needs to track the session 
state and provide authorization.


Yes, this is the kind of thing I was thinking about.


-------------------------------------------------------------------------
Sponsored by: Watchfire

AppScan 6.5 is now available! New features for Web Services Testing,
Advanced Automated Capabilities for Penetration Testers, PCI Compliance
Reporting, Token Analysis, Authentication testing, Automated JavaScript
execution and much more.
Download a Free Trial of AppScan today!

https://www.watchfire.com/securearea/appscancamp.aspx?id=70150000000CYkc
-------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: