What do you mean by "IIS session cookies"? Do you mean the ASPSESSIONID feature? And what do you mean by formed? Are you talking about the PRNG behind it, or how a developer can use them? Kevin Spett SPI Labs http://www.spidynamics.com/ ----- Original Message ----- From: "Cade Cairns" <cairnscat_private> To: <webappsecat_private> Sent: Thursday, December 05, 2002 5:29 PM Subject: IIS session cookies > Hello webappsec, > > I'm looking for information on how IIS session cookies are formed (that > is, what data they consist of or how they are encoded, etc.) Is anyone > aware of any papers or resources on the subject? > > Thanks, > > Cade Cairns > Symantec Corporation > >
This archive was generated by hypermail 2b30 : Fri Dec 06 2002 - 11:00:12 PST