WebApp Sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: post to bugtraq about "session fixation"

From: H D Moore <sflist () digitaloffense net>
Date: Fri, 20 Dec 2002 13:22:29 -0600
ASP.NET has a similar problem:

http://www.digitaloffense.net/confs/core02/slides/slide14.html

-HD

On Friday 20 December 2002 10:00, Cesar wrote:

You are right. It is an interesting and well written
paper.
But there is a wrong statement in paper, Microsoft
Internet Information Server is NOT "Strict", is a kind
of "Permissive" it will accept some proposed cookie
SessionID and i will create a new session.
Previous By Date Next
Previous By Thread Next

Current thread: