The cookie generator is an extension that allows you to generate cookies. In computer1, I pressed "page information" - "cookies" - and I copied the information of "CASTGC" cookie.
I put this information in a cookie on computer2, and I could access my applications like I was the user authenticated in computer1. ________________________________ From: Madhavi Polisetty <[email protected]> To: [email protected] Sent: Friday, June 10, 2011 6:37 PM Subject: re:[cas-user] Security question - Generating cookie manually May be I am not understanding it completely but in a real environment, how would the "Cookie Generator" code get access to the session cookie(TGC) from the first browser? Assuming I am right? How would the test flow you mentioned pose any security threat? Thanks Madhavi -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
