WebApp Sec mailing list archives
Re: improvements in session management?
From: dd <dd () ghettohackers net>
Date: Thu, 01 Apr 2004 13:45:22 -0800
Michael Ströder wrote:
> dd wrote:
>> This could include checking things like user agent, acceptable languages, but better by adding data that changes on each request via cookie, form field, etc (call this the SINGLEUSEID).
>
> I see some problems with the usability (browser's back-button and concurrent HTTP requests for images) when implementing session IDs which are only valid for the next hit.
For the use of a querystring or forms variable, yes. However, in the case of a cookie things should work fine, even with back button since the new cookie will be transferred.
dd
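
Added example, not part of the original message: a small Python model of the SINGLEUSEID idea discussed in this exchange, where the server accepts an ID for exactly one hit and issues a fresh one in the response. The names `Server`, `hit` and the three scenario functions are assumptions made for illustration; the scenarios model the cookie case, the form-field case with the back button, and concurrent requests sent before any response arrives.

```python
import secrets


class Server:
    """Holds the one ID that is valid for the next hit of a session."""

    def __init__(self):
        self.current = secrets.token_urlsafe(16)  # issued at login

    def hit(self, presented):
        """Return the next ID if `presented` is the valid one, else None."""
        if not secrets.compare_digest(presented, self.current):
            return None  # stale or replayed ID: reject the request
        self.current = secrets.token_urlsafe(16)  # rotate on every accepted hit
        return self.current


def cookie_with_back_button():
    """Cookie transport: the jar always holds the newest ID, whatever page is shown."""
    server = Server()
    jar = server.current
    results = []
    for _step in ("page1", "page2", "back to page1", "follow a link"):
        new_id = server.hit(jar)
        results.append(new_id is not None)
        if new_id:
            jar = new_id  # Set-Cookie replaces the single jar value
    return results


def form_field_with_back_button():
    """Form-field transport: a cached page still embeds the ID it was rendered with."""
    server = Server()
    page1_field = server.current
    page2_field = server.hit(page1_field)  # submit page1, receive page2
    resubmit = server.hit(page1_field)     # back button, submit page1 again
    return page2_field is not None, resubmit is not None


def concurrent_requests():
    """A page and two images requested in parallel all carry the same cookie value."""
    server = Server()
    in_flight = [server.current] * 3  # sent before any response is processed
    return [server.hit(value) is not None for value in in_flight]
```

The model treats the cookie jar as a single value updated in request order, which is why the cookie case passes while requests already in flight with the old value are rejected.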