Maintaining state - security issue?


  1. #1

    SSL is often used to ensure that data sent between a client and webserver is secure from potential "listeners" elsewhere. Some sites use the Microsoft ISAPI filter, "Cookie Munger", to parse all URLs on a page to include the session ID as part of the querystring. This is to help maintain state if the client's browser has cookies disabled. Whilst browsing an SSL encrypted website, the querystring containing the session ID, I assume, will not be encrypted. Does this mean that a potential intruder can capture this querystring and take part in that session? Is this a security threat for e-commerce sites implementing this method of maintaining state?

  2. #2
    RE: Maintaining state - security issue?


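A check a site owner can run against pages produced by the kind of URL rewriting the question describes, given here as an added example that is not part of the original thread: it lists links that carry a session ID in the query string and flags those that leave HTTPS or the site's own host. The parameter names, hosts and sample HTML are constructed assumptions, not Cookie Munger's actual output.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit, parse_qsl

# Assumed parameter names; adjust to whatever the site's URL rewriter emits.
SESSION_EXACT = {"sessionid", "sid"}
SESSION_PREFIX = "aspsessionid"
BASE_URL = "https://shop.example/index.asp"  # constructed
# Constructed sample page, as a URL-rewriting filter might emit it.
SAMPLE_HTML = """
<a href="/cart.asp?sessionid=CONSTRUCTED123">Cart</a>
<a href="http://shop.example/help.asp?sessionid=CONSTRUCTED123">Help</a>
<form action="https://pay.example/checkout?sid=CONSTRUCTED123"></form>
<img src="/logo.gif">
"""

class LinkCollector(HTMLParser):
    """Collect URL-bearing attributes (href, src, action) from a page."""
    def __init__(self):
        super().__init__()
        self.urls = []
    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src", "action") and value:
                self.urls.append(value)

def session_params(url):
    """Return the query parameter names in url that look like session IDs."""
    names = [k for k, _ in parse_qsl(urlsplit(url).query, keep_blank_values=True)]
    return [k for k in names
            if k.lower() in SESSION_EXACT or k.lower().startswith(SESSION_PREFIX)]

def audit_page(base_url, html):
    """Return (absolute_url, param_names, issue) for each link carrying a
    session ID. issue is 'cleartext' (plain-http link, so the ID is readable
    on the wire), 'off-site' (ID handed to another host) or 'in-url'."""
    collector = LinkCollector()
    collector.feed(html)
    base_host = urlsplit(base_url).hostname
    findings = []
    for raw in collector.urls:
        url = urljoin(base_url, raw)  # resolve relative links
        names = session_params(url)
        if names:
            parts = urlsplit(url)
            issue = ("cleartext" if parts.scheme != "https"
                     else "off-site" if parts.hostname != base_host else "in-url")
            findings.append((url, names, issue))
    return findings

if __name__ == "__main__":
    for finding in audit_page(BASE_URL, SAMPLE_HTML):
        print(finding)
```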