WebApp Sec mailing list archives

Re: Maia Mailguard http://www.renaissoft.com/maia/


From: Andy Bentley <andy () bentleyconsulting biz>
Date: Mon, 18 Jul 2005 11:45:59 -0400

Christopher Canova wrote:

What are the risks to enforcing session handling using cookies? Will it
break functionality for many people? Are the risks of including the SID
in the URL worse than cookies?

Stelian Ene wrote:

The obvious solution is to present the user with a check box "Use
cookie", checked by default.
If the user unchecks it, revert to the default, url-based session tracking.

Many Gov & Corp. users are not allowed to accept cookies by policy. These users do not have the ability to change their browser settings to accept cookies. It is also easier (development, support, maintenance wise) to only have one way of managing session info in your proxy/app.

Andy Bentley

