WebApp Sec mailing list archives
Re: IIS session cookies
From: Cade Cairns <cairnsc () securityfocus com>
Date: Fri, 6 Dec 2002 00:48:34 -0700 (MST)
I'm curious whether the ASPSESSIONID value generated is predictable and if so, to what extent. Cade Cairns Symantec Corporation On Thu, 5 Dec 2002, Kevin Spett wrote:
What do you mean by "IIS session cookies"? Do you mean the ASPSESSIONID feature? And what do you mean by formed? Are you talking about the PRNG behind it, or how a developer can use them? Kevin Spett SPI Labs http://www.spidynamics.com/ ----- Original Message ----- From: "Cade Cairns" <cairnsc () securityfocus com> To: <webappsec () securityfocus com> Sent: Thursday, December 05, 2002 5:29 PM Subject: IIS session cookiesHello webappsec, I'm looking for information on how IIS session cookies are formed (that is, what data they consist of or how they are encoded, etc.) Is anyone aware of any papers or resources on the subject? Thanks, Cade Cairns Symantec Corporation
Current thread:
- IIS session cookies Cade Cairns (Dec 05)
- Re: IIS session cookies Takayuki Nakamura (Dec 07)
- Re: IIS session cookies Kevin Spett (Dec 07)
- Re: IIS session cookies Cade Cairns (Dec 07)
- Re: IIS session cookies Kevin Spett (Dec 07)
- Re: IIS session cookies Cade Cairns (Dec 07)
- <Possible follow-ups>
- RE: IIS session cookies Michael Howard (Dec 07)
- Re: IIS session cookies securityarchitect (Dec 07)
- RE: IIS session cookies Forrest Lee Andrews (Dec 07)
- RE: IIS session cookies Kapila, Sai (Dec 08)