Cookiless Session Is it a security
Posted
by Costa
on Stack Overflow
See other posts from Stack Overflow
or by Costa
Published on 2010-04-15T13:31:34Z
Indexed on
2010/04/15
13:33 UTC
Read the original article
Hit count: 164
Hi
http://msdn.microsoft.com/en-us/library/aa479314.aspx
You have a user who successfully log in from a machine in Cybercafe, Hacker H able to sniffer the network and get the sessionID of the user, Can H use the sessionId and act as the user from another machine? Can H enter http://folder/(session id)/CreditCardInformation.aspx to know the credit card number of the user.
Thanks
© Stack Overflow or respective owner