WebApp Sec mailing list archives

Re: Session Fixation


From: Fred van Engen <fred.van.engen () xbn nl>
Date: Tue, 1 Apr 2003 23:01:56 +0200

Hi,

On Tue, Apr 01, 2003 at 09:50:32AM +0100, Ian wrote:

> Has anyone put the Internet Explorer "Super Cookie" to use?
>
> For the particular app I am working on, I can guarantee that all the
> users are connecting with IE over SSL.  Plus they all (mainly) go
> through a router from the same LAN, thus appear to have the same IP.
>
> I am currently logging the super cookie to try and determine if it
> really is unique enough.


From this description I cannot determine your exact situation, but
you might be interested in the privacy settings of the WMedia Player.

The default in WMedia 9 is not to send a unique Player ID and not to
return it through script calls. You'll always get the same Player ID
from every player, i.e. {3300AD50-2C39-46c0-AE0A-000000000000}.

The Windows XP WMedia Player (version 8) returns a supposedly random
Player ID {3300AD50-2C39-46c0-AE0A-XXXXXXXXXXXX}.

So it seems you must force your users to enable unique Player IDs, the
value of which they could even change in the registry if they like.


Regards,

Fred.

-- 
Fred van Engen                              XB Networks B.V.
email: fred.van.engen () xbn nl                Televisieweg 2
tel: +31 36 5462400                         1322 AC  Almere
fax: +31 36 5462424                         The Netherlands
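
An added example, not part of the original message: one way to evaluate logged Player IDs before relying on them to tell clients apart, given that the default ID quoted above is identical for every player and the value is under the user's control. The log format, the account names and the non-default IDs are constructed for illustration, and comparing IDs case-insensitively is an assumption.

```python
import re
from collections import defaultdict

# Anonymous Player ID quoted in the message above (the WMedia 9 default).
ANONYMOUS_ID = "{3300AD50-2C39-46c0-AE0A-000000000000}"
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")

# Constructed sample log, one "<account> <player id sent by client>" per line.
SAMPLE_LOG = """\
alice {3300AD50-2C39-46c0-AE0A-000000000000}
bob {3300AD50-2C39-46c0-AE0A-000000000000}
carol {3300AD50-2C39-46c0-AE0A-1A2B3C4D5E6F}
dave {3300AD50-2C39-46c0-AE0A-0F0E0D0C0B0A}
erin {3300AD50-2C39-46c0-AE0A-1a2b3c4d5e6f}
frank not-a-guid
"""

def assess_player_ids(log_text):
    """Sort accounts by whether their logged ID can distinguish them."""
    users_by_id = defaultdict(set)
    anonymous, malformed = set(), set()
    for line in log_text.splitlines():
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue  # skip blank or truncated lines
        user, raw = parts[0], parts[1].strip()
        if not GUID_RE.match(raw):
            malformed.add(user)          # client-supplied, so validate it
        elif raw.upper() == ANONYMOUS_ID.upper():
            anonymous.add(user)          # same value from every default player
        else:
            users_by_id[raw.upper()].add(user)
    # An ID seen under more than one account does not identify a client.
    shared = {pid: sorted(u) for pid, u in users_by_id.items() if len(u) > 1}
    unique = sorted(next(iter(u)) for u in users_by_id.values() if len(u) == 1)
    return {
        "anonymous": sorted(anonymous),
        "malformed": sorted(malformed),
        "shared": shared,
        "unique": unique,
    }

if __name__ == "__main__":
    for bucket, value in assess_player_ids(SAMPLE_LOG).items():
        print(bucket, value)
```

Even an ID that lands in the `unique` bucket is only a hint, since the user can change the value in the registry; it cannot replace a server-issued session identifier.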

