WebApp Sec mailing list archives
RE: Encrypted URL
From: Dean Saxe <Dean.Saxe () digitalinsight com>
Date: Mon, 2 Feb 2004 11:41:37 -0500
From what we have seen, it is not dependent on how you open windows (ctrl-N
vs shortcuts) it appears to be installation specific. -dhs -----Original Message----- From: Brecrost Jones [mailto:brecrost () hotmail com] Sent: Monday, February 02, 2004 11:26 AM To: webappsec () securityfocus com Cc: Dean Saxe Subject: Re: Encrypted URL
Hey Erik, We have this problem with our apps. It appears that MSIE, depending on how its installed, will sometimes share session cookies between browsers, causing what you describe below. Other times it will not share those session cookies, effectively allowing multiple browser windows to access a single app and differentiate between them. Unfortunately, this appears to be an option at installation and I don't know if it can be changed on the fly through registry settings or preferences. If it can be changed it would save me a lot of headaches with end users and QA. ;-)
I believe the behaviour you are describing is determined by whether you have multiple IE windows, or multiple instances of IE running. If you start IE, and hit ctrl-n or go File-->New-->Window, you get a new browser window, and session cookies are shared between the new windows. However, if you start IE, e.g. by double-clicking a shortcut, and then double-click the shortcut again, you have two instances of IE running and session cookies are not shared between them. I'm not sure, but maybe this will help with your headaches? _________________________________________________________________ STOP MORE SPAM with the new MSN 8 and get 2 months FREE* http://join.msn.com/?page=dept/bcomm&pgmarket=en-ca&RU=http%3a%2f%2fjoin.msn .com%2f%3fpage%3dmisc%2fspecialoffers%26pgmarket%3den-ca
Current thread:
- Re: Encrypted URL, (continued)
- Re: Encrypted URL Fogbound Child (Jan 30)
- RE: Encrypted URL scott wood (Jan 30)
- Re: Encrypted URL Mark Curphey (Jan 30)
- Re: Encrypted URL gcb33 (Jan 31)
- RE: Encrypted URL Scovetta, Michael V (Jan 31)
- Re: Encrypted URL Erik Kangas (Jan 31)
- RE: Encrypted URL Dean Saxe (Feb 02)
- Re: Encrypted URL Jeremiah Cornelius (Feb 02)
- Re: Encrypted URL Fred van Engen (Feb 02)
- Re: Encrypted URL Jeremiah Cornelius (Feb 02)
- RE: Encrypted URL Dean Saxe (Feb 02)
- Re: Encrypted URL Brecrost Jones (Feb 02)