[Esapi-user] SideJacking Question
Ray.Lukas at supermedia.com
Wed May 25 11:47:54 EDT 2011
I am new, very new, so...
Sidejacking is, roughly defined, stealing someone's authenticated session object, thereby stealing their identity.
The solution is to never send the session through anything that is not an SSL channel. In ESAPI, if I have this right, you say ESAPI.httpUtilities().assertSecureChannel();
Now (at last) The Question:
Sessions can also be transmitted by Ajax requests, right? So... does this help me with that as well?
Thanks guys.. I am still reading and learning.. but you got my attention at least..
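As an added example (not the poster's code and not from the ESAPI project), one way to apply the check uniformly: a servlet filter that calls assertSecureChannel on every request. A filter mapped to /* runs for XMLHttpRequest calls exactly as it does for page loads, so Ajax traffic is covered by the same check. The filter name is hypothetical, and the overload taking an HttpServletRequest argument is assumed.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.owasp.esapi.ESAPI;
import org.owasp.esapi.errors.AccessControlException;

// Hypothetical filter; map it to /* in web.xml so it sees every request,
// page loads and Ajax calls alike.
public class SecureChannelFilter implements Filter {

    @Override
    public void init(FilterConfig cfg) {
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        try {
            // Throws unless the request arrived over TLS. An XHR call passes
            // through this same filter, so it gets the same check.
            ESAPI.httpUtilities().assertSecureChannel(request);
        } catch (AccessControlException e) {
            // If a session id reached us in the clear, treat it as exposed:
            // drop the session rather than keep serving it.
            HttpSession session = request.getSession(false);
            if (session != null) {
                session.invalidate();
            }
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        chain.doFilter(req, res);
    }

    @Override
    public void destroy() {
    }
}
```

The check only refuses cleartext requests after the fact; marking the session cookie Secure keeps the browser from sending the id over plain HTTP in the first place.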