WebApp Sec mailing list archives
Re: Session Fixation
From: Fred van Engen <fred.van.engen () xbn nl>
Date: Tue, 1 Apr 2003 23:01:56 +0200
Hi,

On Tue, Apr 01, 2003 at 09:50:32AM +0100, Ian wrote:
> Has anyone put the Internet Explorer "Super Cookie" to use? For the particular app I am working on, I can guarantee that all the users are connecting with IE over SSL. Plus they all (mainly) go through a router from the same LAN, thus appear to have the same IP. I am currently logging the super cookie to try and determine if it really is unique enough.

From this description I cannot determine your exact situation, but you might be interested in the privacy settings of the WMedia Player. The default in WMedia 9 is not to send a unique Player ID and not to return it through script calls. You'll always get the same Player ID from every player, i.e. {3300AD50-2C39-46c0-AE0A-000000000000}. The Windows XP WMedia Player (version 8) returns a supposedly random Player ID {3300AD50-2C39-46c0-AE0A-XXXXXXXXXXXX}.

So it seems you must force your users to enable unique Player IDs, the value of which they could even change in the registry if they like.

Regards,

Fred.

--
Fred van Engen
email: fred.van.engen () xbn nl
tel: +31 36 5462400
fax: +31 36 5462424

XB Networks B.V.
Televisieweg 2
1322 AC Almere
The Netherlands