WebApp Sec mailing list archives
Re: [Webappsec] Cookie Secure Attribute - Clarification
From: arvind doraiswamy <arvind.doraiswamy () gmail com>
Date: Fri, 26 Feb 2010 21:28:23 +0530
I'll relook it but I'm quite sure it was. I checked the Firefox Cookie Prefs where you can see the attributes, and it showed Secure there. Can a cookie appear as Secure in Firefox but not be "secure" otherwise? AFAIK No. Thnx Arvind On Fri, Feb 26, 2010 at 7:01 PM, Ray <gunblad3 () gmail com> wrote:
Amongst all the different things that could go wrong, based on your observations so far a first place to look is to determine for sure whether the secure attribute is really being sent along with the Set-Cookie header. You could achieve this with a network sniffer (tcpdump, wireshark, etc) or by using a firefox plugin like LiveHTTPHeaders. Ray.
This list is sponsored by Cenzic -------------------------------------- Let Us Hack You. Before Hackers Do! It's Finally Here - The Cenzic Website HealthCheck. FREE. Request Yours Now! http://www.cenzic.com/2009HClaunch_Securityfocus --------------------------------------
Current thread:
- Cookie Secure Attribute - Clarification arvind doraiswamy (Feb 27)
- Message not available
- Re: [Webappsec] Cookie Secure Attribute - Clarification arvind doraiswamy (Feb 27)
- Message not available
- Message not available
- Cookie Secure Attribute - Clarification John Wilander (Feb 27)
- Re: Cookie Secure Attribute - Clarification arvind doraiswamy (Feb 28)
- Re: Cookie Secure Attribute - Clarification 51l3n73y3s (Mar 01)
- Cookie Secure Attribute - Clarification John Wilander (Feb 27)