[prev in list] [next in list] [prev in thread] [next in thread] 

List:       webappsec
Subject:    Re: post to bugtraq about "session fixation"
From:       H D Moore <sflist () digitaloffense ! net>
Date:       2002-12-20 19:22:29
[Download RAW message or body]

ASP.NET has a similar problem:

http://www.digitaloffense.net/confs/core02/slides/slide14.html

-HD

On Friday 20 December 2002 10:00, Cesar wrote:
> You are right. It is an interesting and well written
> paper.
> But there is a wrong statement in paper, Microsoft
> Internet Information Server is NOT "Strict", is a kind
> of "Permissive" it will accept some proposed cookie
> SessionID and i will create a new session.



[prev in list] [next in list] [prev in thread] [next in thread]