Re: Session Fixation Vulnerability in Web Based Apps

[James A. Donald]

    --
On 14 Jun 2003 at 21:42, Ben Laurie wrote:
> The obvious answer is you always switch to a new session
> after login. Nothing cleverer is required, surely?

I had dreamed up some rathe complicated solutions.


    --digsig
         James A. Donald
     6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
     ocf99Mr7YN0oLlYWkZsE57yUHWMocE0Z+gK2yQOU
     4RiX1d4bEHzLkunxq2FfwXmWFdySguhagGnZR4U7X


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]