WebApp Sec mailing list archives
Re: Unable to impersonate another user although having its cookie
From: José Manuel Molina Pascual <raistlinmolina () gmail com>
Date: Mon, 6 Jul 2009 20:22:43 +0200
It's very easy to get the ip of the client and invalidate the session if the session (obtained from the cookie) and the ip do not match what the app has stored from previous requests. Maybe is your case. BR -- You never see animals going through the absurd and often horrible fooleries of magic and religion... Dogs do not ritually urinate in the hope of persuading heaven to do the same and send down rain. Asses do not bray a liturgy to cloudless skies. Nor do cats attempt, by abstinence from cat's meat, to wheedle the feline spirits into benevolence. Only man behaves with such gratuitous folly. It is the price he has to pay for being intelligent but not, as yet, quite intelligent enough. (Aldoux Huxley) It has become almost a cliche to remark that nobody boasts of ignorance of literature, but it is socially acceptable to boast ignorance of science and proudly claim incompetence in mathematics. (Richard Dawkins) Most people would sooner die than think; in fact, they do so. (Bertrand Russell). Either you repeat the same conventional doctrines everybody is saying, or else you say something true, and it will sound like it's from Neptune. (Noam Chomsky)
Current thread:
- Re: Unable to impersonate another user although having its cookie, (continued)
- Message not available
- Re: Unable to impersonate another user although having its cookie jay . tomas (Jul 01)
- Re: Unable to impersonate another user although having its cookie Marc Ouwerkerk (Jul 01)
- Re: Unable to impersonate another user although having its cookie S I (Jul 01)
- Re: Unable to impersonate another user although having its cookie Heine Deelstra (Jul 01)
- Re: [SOLVED] Unable to impersonate another user although having its cookie Juan Kinunt (Jul 06)
- Re: Unable to impersonate another user although having its cookie Michael Yelland (Jul 01)
- Re: Unable to impersonate another user although having its cookie Guillermo Caminer (Jul 06)
- Re: Unable to impersonate another user although having its cookie José Manuel Molina Pascual (Jul 06)