WebApp Sec mailing list archives
Re: post to bugtraq about "session fixation"
From: H D Moore <sflist () digitaloffense net>
Date: Fri, 20 Dec 2002 13:22:29 -0600
ASP.NET has a similar problem: http://www.digitaloffense.net/confs/core02/slides/slide14.html -HD On Friday 20 December 2002 10:00, Cesar wrote:
You are right. It is an interesting and well written paper. But there is a wrong statement in paper, Microsoft Internet Information Server is NOT "Strict", is a kind of "Permissive" it will accept some proposed cookie SessionID and i will create a new session.
Current thread:
- post to bugtraq about "session fixation" Alex Russell (Dec 18)
- <Possible follow-ups>
- Re: post to bugtraq about "session fixation" securityarchitect (Dec 18)
- Re: post to bugtraq about "session fixation" Kevin Spett (Dec 18)
- Re: post to bugtraq about "session fixation" Alex Russell (Dec 18)
- Re: post to bugtraq about "session fixation" Kevin Spett (Dec 18)
- Re: post to bugtraq about "session fixation" Panayiotis A. Thermos (Dec 18)
- Re: post to bugtraq about "session fixation" Steven M. Christey (Dec 19)
- Re: post to bugtraq about "session fixation" Cesar (Dec 20)
- Re: post to bugtraq about "session fixation" H D Moore (Dec 20)
- Re: post to bugtraq about "session fixation" Cesar (Dec 20)