WebApp Sec mailing list archives
Re: Maia Mailgaurd http://www.renaissoft.com/maia/
From: Andy bentley <andy () bentleyconsulting biz>
Date: Mon, 18 Jul 2005 11:45:59 -0400
Christopher Canova wrote:
Many Gov & Corp. users are not allowed to accept cookies by policy. These users do not have the ability to change their browser settings to accept cookies. It is also easier (development, support, maintenance wise) to only have one way of managing session info in your proxy/app.What are the risks to enforcing session handling using cookies? Will it break functionality for many people? Are the risks of including the SID in the URL worse than cookies?Stelian Ene wrote: The obvious solution is to present the user with a check box "Use cookie", checked by default. If the user unchecks it, revert to the default, url-based session traking.
Andy Bentley
Current thread:
- Re: Maia Mailgaurd http://www.renaissoft.com/maia/, (continued)
- Re: Maia Mailgaurd http://www.renaissoft.com/maia/ Chuck (Jul 18)
- Re: Maia Mailgaurd http://www.renaissoft.com/maia/ Achim Hoffmann (Jul 18)
- RE: Maia Mailgaurd http://www.renaissoft.com/maia/ Guillaume Vissian (Jul 18)
- PHP Session ID's focus (Jul 19)
- Re: Maia Mailgaurd http://www.renaissoft.com/maia/ Chuck (Jul 18)
- Re: Maia Mailgaurd http://www.renaissoft.com/maia/ Chuck (Jul 18)
- Re: Maia Mailgaurd http://www.renaissoft.com/maia/ Achim Hoffmann (Jul 20)
- Re: Maia Mailgaurd http://www.renaissoft.com/maia/ Chuck (Jul 20)
- Re: Maia Mailgaurd http://www.renaissoft.com/maia/ Achim Hoffmann (Jul 21)
- Re: Maia Mailgaurd http://www.renaissoft.com/maia/ Achim Hoffmann (Jul 18)
- Re: Maia Mailgaurd http://www.renaissoft.com/maia/ Chuck (Jul 18)
- Re: Maia Mailgaurd http://www.renaissoft.com/maia/ Andy bentley (Jul 18)