Re: Session Fixation

["Matt Fisher" <mattfisher () comcast net>]

http://www.computerbytesman.com/privacy/supercookie.htm



----- Original Message -----
From: "Douglas Schlenker" <Douglas.Schlenker () RoyalRoads ca>
To: <webappsec () fishnet co uk>; <webappsec () securityfocus com>
Sent: Tuesday, April 01, 2003 12:17 PM
Subject: RE: Session Fixation


> Ok, I'm going to bite... can you explain what IE's ^Super Cookie^ is? I've
> never heard of this reference before and I'm quite interested.
>
> douglas
>
> Hi,
>
> Has anyone put the Internet Explorer ^Super Cookie^ to use ?
>
> For the particular app I am working on, I can guarantee that all the
> user are connecting with IE over ssl.  Plus they all (mainly) go
> through a router from the same LAN, thus appear to have the same IP.
>
> I am currently logging the super cookie to try and determine if it
> really is unique enough.
>
> Regards
>
> Ian
> --