WebApp Sec mailing list archives

Re: Session security with cookies


From: Thomas <tom () electric-sheep org>
Date: Wed, 5 Dec 2007 08:27:45 +0100


-Ensure the session times out in a reasonable amount of time

Timeouts have to be enforced by the server because cookie lifetime is not
mandatory and can be ignored and/or modified by the client.

-- 
Tom <tom () electric-sheep org>
fingerprint = F055 43E5 1F3C 4F4F 9182  CD59 DBC6 111A 8516 8DBF
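The point above is worth seeing in code: the cookie's Expires/Max-Age attribute only advises the browser, so a client that keeps (or edits) an "expired" cookie can still present it, and only the server's own timestamps can reject it. The following is an added example, not code from the post or from any project on this list; it assumes a hypothetical in-memory session store with an idle timeout and an absolute lifetime, and takes the current time as a parameter so the checks can be exercised deterministically.

```python
"""Server-side session timeout enforcement (added example, not from the post).

The server records when each session was created and last used, and checks
those records on every request. What the cookie says about its own lifetime
is never trusted. All identifiers here are hypothetical.
"""
import secrets
import time
from dataclasses import dataclass
from typing import Dict, Optional

IDLE_TIMEOUT = 15 * 60        # seconds of inactivity before a session is dropped
ABSOLUTE_TIMEOUT = 8 * 3600   # hard lifetime regardless of activity


@dataclass
class Session:
    user: str
    created_at: float
    last_seen: float


class SessionStore:
    """Authoritative session state; the cookie only carries the id."""

    def __init__(self, idle: int = IDLE_TIMEOUT, absolute: int = ABSOLUTE_TIMEOUT):
        self.idle = idle
        self.absolute = absolute
        self._sessions: Dict[str, Session] = {}

    def create(self, user: str, now: Optional[float] = None) -> str:
        now = time.time() if now is None else now
        sid = secrets.token_urlsafe(32)   # 256 bits of randomness, unguessable id
        self._sessions[sid] = Session(user, now, now)
        return sid

    def validate(self, sid: Optional[str], now: Optional[float] = None) -> Optional[str]:
        """Return the user of a live session; evict and return None if stale."""
        now = time.time() if now is None else now
        if not sid:
            return None
        s = self._sessions.get(sid)
        if s is None:
            return None
        if now - s.last_seen > self.idle or now - s.created_at > self.absolute:
            del self._sessions[sid]   # stale: drop it so a replay cannot revive it
            return None
        s.last_seen = now             # sliding idle window
        return s.user

    def destroy(self, sid: str) -> None:
        self._sessions.pop(sid, None)


def build_cookie(sid: str, max_age: int = IDLE_TIMEOUT) -> str:
    """Set-Cookie value. Max-Age is a hint to the browser; the store decides."""
    return (f"session={sid}; Max-Age={max_age}; Path=/; "
            "HttpOnly; Secure; SameSite=Lax")


def parse_cookie(header: Optional[str]) -> Optional[str]:
    """Extract the session id from a Cookie request header (minimal parser)."""
    if not header:
        return None
    for part in header.split(";"):
        name, _, value = part.strip().partition("=")
        if name == "session":
            return value or None
    return None


def handle_request(store: SessionStore, cookie_header: Optional[str], now: float) -> str:
    """Simulated request: the outcome depends only on the server's records."""
    user = store.validate(parse_cookie(cookie_header), now)
    return "200 OK" if user else "401 Unauthorized"


if __name__ == "__main__":
    store = SessionStore()
    t0 = 1000.0
    sid = store.create("alice", now=t0)
    print(build_cookie(sid))
    # Constructed replay: the client ignores Max-Age and sends the cookie
    # one second past the idle timeout; the server still rejects it.
    print(handle_request(store, f"session={sid}", t0 + 60))
    print(handle_request(store, f"session={sid}", t0 + 60 + IDLE_TIMEOUT + 1))
```

The absolute lifetime matters as much as the idle window: a client that keeps the session "warm" with periodic requests would otherwise hold a stolen session id indefinitely, so `validate` checks both and deletes the record rather than merely refusing it.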
