
Re: Session Fixation Issues

From: Johnathan Nightingale <johnath@mozilla.com>
Date: Tue, 8 May 2007 13:21:00 -0400
Message-Id: <2F2739E0-C602-4D8C-B844-6B01D4FAC27C@mozilla.com>
Cc: "public-wsc-wg@w3.org" <public-wsc-wg@w3.org>
To: Anil Saldhana <Anil.Saldhana@redhat.com>

Hi Anil,

I haven't heard it mentioned before, but it seems like this would be  
a difficult piece of context to communicate to novice users, and also  
a difficult piece to programmatically identify in the first place,  
since a SID-in-URL could look like almost anything.

I think the real action/recommendation here is on web site developers  
to not use SID-in-URL, but that would seem to be well outside our scope.

Cheers,

Johnathan

---
Johnathan Nightingale
Human Shield
johnath@mozilla.com



On 8-May-07, at 1:05 PM, Anil Saldhana wrote:

>
> Hi all,
>  I am just wondering if this WG has ever come across requests to
> handle session fixation.
> http://en.wikipedia.org/wiki/Session_fixation
>
> Regards,
> Anil
>
> -- 
> Anil Saldhana
> JBoss Security & Identity Management
> http://labs.jboss.com/portal/jbosssecurity/
>
>
Received on Tuesday, 8 May 2007 17:21:14 GMT
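
An added example, not part of the original thread: a heuristic check for a session ID carried in a URL, illustrating the reply's point that such an ID "could look like almost anything". The parameter-name list, the length and entropy thresholds, and the sample URLs are assumptions constructed for this illustration.

```javascript
// Heuristic detector for session identifiers in URLs (illustrative, defensive use).
// Names below are common conventions chosen for this example, not from the thread.
const KNOWN_SID_NAMES = new Set(["jsessionid", "phpsessid", "sid", "sessionid", "session_id"]);

// Shannon entropy in bits per character.
function entropy(s) {
  const counts = {};
  for (const ch of s) counts[ch] = (counts[ch] || 0) + 1;
  let h = 0;
  for (const n of Object.values(counts)) h -= (n / s.length) * Math.log2(n / s.length);
  return h;
}

// Assumed thresholds: 16+ URL-safe characters with at least 3 bits/char.
function looksLikeToken(v) {
  return v.length >= 16 && /^[A-Za-z0-9_-]+$/.test(v) && entropy(v) >= 3.0;
}

function findUrlSessionIds(rawUrl) {
  const url = new URL(rawUrl);
  const hits = [];
  // Path parameters, e.g. /cart;jsessionid=...
  for (const segment of url.pathname.split("/")) {
    for (const param of segment.split(";").slice(1)) {
      const name = param.split("=")[0];
      if (KNOWN_SID_NAMES.has(name.toLowerCase())) hits.push({ where: "path", name, reason: "known-name" });
    }
  }
  // Query parameters: match on name first, then on the shape of the value.
  for (const [name, value] of url.searchParams) {
    if (KNOWN_SID_NAMES.has(name.toLowerCase())) hits.push({ where: "query", name, reason: "known-name" });
    else if (looksLikeToken(value)) hits.push({ where: "query", name, reason: "token-like value" });
  }
  return hits;
}

// Constructed sample URLs: two conventional cases, one miss, one false positive.
const SAMPLES = [
  "https://shop.example/cart;jsessionid=0A1B2C3D4E5F60718293A4B5C6D7E8F9?item=4",
  "https://forum.example/index.php?PHPSESSID=9f3c2a7be1d04586a1b2c3d4e5f60718",
  "https://app.example/u/7f3a9c0d2b4e6f81a5c7e9d1b3f50246/inbox", // ID as a plain path segment: missed
  "https://docs.example/view?doc=3fK9xQ2mZ7pLw8Tn4Rb6",           // document ID: flagged anyway
];
for (const u of SAMPLES) console.log(u, JSON.stringify(findUrlSessionIds(u)));
```

The third and fourth samples show both failure modes: an ID embedded as an ordinary path segment goes undetected, while a random-looking document ID is flagged even though it is not a session.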
