Re: IIS session cookies

From: Kevin Spett (kspettat_private)
Date: Thu Dec 05 2002 - 16:34:15 PST

Next message: securityarchitectat_private: "Re: IIS session cookies"

Previous message: Michael Howard: "RE: IIS session cookies"
Next in thread: securityarchitectat_private: "Re: IIS session cookies"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

What do you mean by "IIS session cookies"?  Do you mean the ASPSESSIONID
feature? And what do you mean by formed?  Are you talking about the PRNG
behind it, or how a developer can use them?


Kevin Spett
SPI Labs
http://www.spidynamics.com/

----- Original Message -----
From: "Cade Cairns" <cairnscat_private>
To: <webappsecat_private>
Sent: Thursday, December 05, 2002 5:29 PM
Subject: IIS session cookies


> Hello webappsec,
>
> I'm looking for information on how IIS session cookies are formed (that
> is, what data they consist of or how they are encoded, etc.)  Is anyone
> aware of any papers or resources on the subject?
>
> Thanks,
>
> Cade Cairns
> Symantec Corporation
>
>

Next message: securityarchitectat_private: "Re: IIS session cookies"
Previous message: Michael Howard: "RE: IIS session cookies"
Next in thread: securityarchitectat_private: "Re: IIS session cookies"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Dec 06 2002 - 11:00:12 PST