WebApp Sec mailing list archives
Re: Session Fixation
From: "Matt Fisher" <mattfisher () comcast net>
Date: Tue, 1 Apr 2003 13:33:36 -0500
http://www.computerbytesman.com/privacy/supercookie.htm ----- Original Message ----- From: "Douglas Schlenker" <Douglas.Schlenker () RoyalRoads ca> To: <webappsec () fishnet co uk>; <webappsec () securityfocus com> Sent: Tuesday, April 01, 2003 12:17 PM Subject: RE: Session Fixation
Ok, I'm going to bite... can you explain what IE's ^Super Cookie^ is? I've never heard of this reference before and I'm quite interested. douglas Hi, Has anyone put the Internet Explorer ^Super Cookie^ to use ? For the particular app I am working on, I can guarantee that all the user are connecting with IE over ssl. Plus they all (mainly) go through a router from the same LAN, thus appear to have the same IP. I am currently logging the super cookie to try and determine if it really is unique enough. Regards Ian --
Current thread:
- Re: Session Fixation Ian (Apr 01)
- Re: Session Fixation Fred van Engen (Apr 01)
- <Possible follow-ups>
- RE: Session Fixation Douglas Schlenker (Apr 01)
- Re: Session Fixation Matt Fisher (Apr 01)
- Re: Session Fixation Alex Russell (Apr 01)
- RE: Session Fixation Cyrill Osterwalder (Apr 01)
- Re: Session Fixation Matt Fisher (Apr 01)