WebApp Sec mailing list archives

Re: improvements in session management?

From: dd <dd () ghettohackers net>
Date: Thu, 01 Apr 2004 13:45:22 -0800

Michael Ströder wrote:

dd wrote:
This could include checking things like user agent, acceptablelanguages, but better by adding data that changes on each request viacookie, form field, etc (call this the SINGLEUSEID).
I see some problems with the usability (browser's back-button andconcurrent HTTP requests for images) when implementing session IDs whichare only valid for the next hit.

For the use of a querystring or forms variable, yes. However in thecase of a cookie things should work fine, even with back button sincethe new cookie will be transfered.

dd

Current thread:

Re: improvements in session management? dd (Mar 31)
- Re: improvements in session management? Michael Ströder (Apr 01)
  - Re: improvements in session management? dd (Apr 01)
- RE: improvements in session management? WebAppSecurity [Technicalinfo.net] (Apr 01)
  - Re: improvements in session management? Michael Ströder (Apr 01)
    - Re: improvements in session management? Michael Ströder (Apr 01)
    - Re: improvements in session management? dd (Apr 01)
    - RE: improvements in session management? WebAppSecurity [Technicalinfo.net] (Apr 01)
- <Possible follow-ups>
- Re: improvements in session management? Michael Ströder (Mar 31)
- Re: improvements in session management? Tim Akinbo (Apr 01)