WebApp Sec mailing list archives

Re: IIS session cookies

From: "Kevin Spett" <kspett () spidynamics com>
Date: Thu, 5 Dec 2002 19:34:15 -0500

What do you mean by "IIS session cookies"?  Do you mean the ASPSESSIONID
feature? And what do you mean by formed?  Are you talking about the PRNG
behind it, or how a developer can use them?


Kevin Spett
SPI Labs
http://www.spidynamics.com/

----- Original Message -----
From: "Cade Cairns" <cairnsc () securityfocus com>
To: <webappsec () securityfocus com>
Sent: Thursday, December 05, 2002 5:29 PM
Subject: IIS session cookies

Hello webappsec,

I'm looking for information on how IIS session cookies are formed (that
is, what data they consist of or how they are encoded, etc.)  Is anyone
aware of any papers or resources on the subject?

Thanks,

Cade Cairns
Symantec Corporation

Current thread:

IIS session cookies Cade Cairns (Dec 05)
- Re: IIS session cookies Takayuki Nakamura (Dec 07)
- Re: IIS session cookies Kevin Spett (Dec 07)
  - Re: IIS session cookies Cade Cairns (Dec 07)
    - Re: IIS session cookies Kevin Spett (Dec 07)
- <Possible follow-ups>
- RE: IIS session cookies Michael Howard (Dec 07)
- Re: IIS session cookies securityarchitect (Dec 07)
  - RE: IIS session cookies Forrest Lee Andrews (Dec 07)
- RE: IIS session cookies Kapila, Sai (Dec 08)