WebApp Sec mailing list archives
Re: improvements in session management?
From: Michael Ströder <michael () stroeder com>
Date: Thu, 01 Apr 2004 09:23:38 +0200
dd wrote:
This could include checking things like user agent, acceptable languages, but better by adding data that changes on each request via cookie, form field, etc (call this the SINGLEUSEID).
I see some problems with the usability (browser's back-button and concurrent HTTP requests for images) when implementing session IDs which are only valid for the next hit.
Ciao, Michael.
Current thread:
- Re: improvements in session management? dd (Mar 31)
- Re: improvements in session management? Michael Ströder (Apr 01)
- Re: improvements in session management? dd (Apr 01)
- RE: improvements in session management? WebAppSecurity [Technicalinfo.net] (Apr 01)
- Re: improvements in session management? Michael Ströder (Apr 01)
- Re: improvements in session management? Michael Ströder (Apr 01)
- Re: improvements in session management? dd (Apr 01)
- RE: improvements in session management? WebAppSecurity [Technicalinfo.net] (Apr 01)
- Re: improvements in session management? Michael Ströder (Apr 01)
- Re: improvements in session management? Michael Ströder (Apr 01)
- <Possible follow-ups>
- Re: improvements in session management? Michael Ströder (Mar 31)
- Re: improvements in session management? Tim Akinbo (Apr 01)