WebApp Sec mailing list archives

Re: [Webappsec] Cookie Secure Attribute - Clarification

From: arvind doraiswamy <arvind.doraiswamy () gmail com>
Date: Fri, 26 Feb 2010 21:28:23 +0530

I'll relook it but I'm quite sure it was. I checked the Firefox Cookie
Prefs where you can see the attributes, and it showed Secure there.
Can a cookie appear as Secure in Firefox but not be "secure"
otherwise? AFAIK No.

Thnx
Arvind

On Fri, Feb 26, 2010 at 7:01 PM, Ray <gunblad3 () gmail com> wrote:

Amongst all the different things that could go wrong, based on your
observations so far a first place to look is to determine for sure
whether the secure attribute is really being sent along with the
Set-Cookie header.

You could achieve this with a network sniffer (tcpdump, wireshark,
etc) or by using a firefox plugin like LiveHTTPHeaders.

Ray.




This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now! 
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------

Current thread:

Cookie Secure Attribute - Clarification arvind doraiswamy (Feb 27)
- Message not available
  - Re: [Webappsec] Cookie Secure Attribute - Clarification arvind doraiswamy (Feb 27)
- Message not available
  - Cookie Secure Attribute - Clarification John Wilander (Feb 27)
    - Re: Cookie Secure Attribute - Clarification arvind doraiswamy (Feb 28)
    - Re: Cookie Secure Attribute - Clarification 51l3n73y3s (Mar 01)
- Re: Cookie Secure Attribute - Clarification 51l3n73y3s (Feb 27)