WebApp Sec mailing list archives
Re: How to protect against cookie stealing?
From: Chris Green <cmg () sourcefire com>
Date: Fri, 25 Jul 2003 14:10:57 -0400
".:[ Death Star]:." <deathstar () optonline net> writes:
There is another solution: you can use both session IDs and cookies, so based on the IP address you would look for the cookie before giving the user access control. The session ID will store 2 fields (for example, userid and associated IP address); the cookie will hold other fields. And you can use multiple sessions and multiple cookies that will be destroyed upon opening another page.
Has anyone going down this route of incorporating an IP address into the cookie gotten pushback from people on networks with multiple proxies or routing rules?

--
Chris Green <cmg () sourcefire com>
Don't use a big word where a diminutive one will suffice.
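The trade-off behind the question above, as an added example that is not part of the original thread: a server-side session bound to the login IP, checked with exact matching and with a relaxed prefix match. The function names, the in-memory store, the prefix option and the documentation-range addresses are assumptions made for illustration.

```python
import ipaddress
import secrets

SESSIONS = {}  # hypothetical in-memory store: session id -> bound fields


def login(userid, client_ip):
    """Create a session holding the two fields from the post: userid and IP."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"userid": userid, "ip": client_ip}
    return sid


def check(sid, client_ip, prefix_len=None):
    """Return the userid if the request address matches the bound one, else None.

    prefix_len=None demands the exact login address; an integer accepts any
    address in the same network prefix (an assumption, not from the thread).
    """
    rec = SESSIONS.get(sid)
    if rec is None:
        return None
    seen = ipaddress.ip_address(client_ip)
    if prefix_len is None:
        ok = seen == ipaddress.ip_address(rec["ip"])
    else:
        bound_net = ipaddress.ip_network(f"{rec['ip']}/{prefix_len}", strict=False)
        ok = seen in bound_net
    return rec["userid"] if ok else None


def demo():
    """Constructed requests using documentation-range addresses."""
    sid = login("alice", "203.0.113.10")  # login leaves via proxy A
    return {
        "same_proxy": check(sid, "203.0.113.10"),
        "other_proxy_exact": check(sid, "203.0.113.27"),     # proxy B, same user
        "other_proxy_prefix": check(sid, "203.0.113.27", 24),
        "replay_elsewhere": check(sid, "198.51.100.5", 24),  # cookie used off-net
        "replay_same_proxy": check(sid, "203.0.113.10"),     # other user, proxy A
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:20} -> {result}")
```

Exact matching locks out the legitimate user whose next request leaves through a different proxy, and neither mode distinguishes two clients that share one egress address.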