[Owasp-testing] Copy Cookies
jamuse at gmail.com
Thu Jul 22 05:56:24 EDT 2010
On Thu, Jul 22, 2010 at 6:03 AM, Zaki Akhmad <zakiakhmad at gmail.com> wrote:
> I found the web application that I test is vulnerable with its
> cookies. After I successfully log in with the userid and password provided,
> I can copy the cookies to another browser/computer so that he/she can
> enter the web application without logging in.
> How do I fix this vulnerability?
Per-request tokens are one way, but that may break the UI.
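
The per-request token approach mentioned in the reply above, as an added example that is not part of the original thread: an in-memory session store that issues a fresh token with every response and revokes the session when a stale token shows up. The class, function and key names are assumptions made for illustration; the second scenario shows the UI breakage the reply warns about.

```python
import hmac
import secrets


class PerRequestTokenSessions:
    """Hypothetical in-memory store: one valid token per session, rotated on every request."""

    def __init__(self):
        self._expected = {}  # session id -> the only token the next request may carry

    def login(self):
        sid = secrets.token_urlsafe(16)
        self._expected[sid] = secrets.token_urlsafe(32)
        return sid, self._expected[sid]

    def handle_request(self, sid, token):
        """Return (accepted, next_token); a stale token revokes the whole session."""
        expected = self._expected.get(sid)
        if expected is None:
            return False, None
        if not hmac.compare_digest(expected.encode(), token.encode()):
            # A stale token means a copied cookie was replayed, or the real client
            # raced itself (second tab, back button). The server cannot tell which.
            del self._expected[sid]
            return False, None
        self._expected[sid] = secrets.token_urlsafe(32)
        return True, self._expected[sid]


def demo():
    store = PerRequestTokenSessions()
    # Scenario 1: the cookie set at login is copied to another browser.
    sid, t0 = store.login()
    first_use, t1 = store.handle_request(sid, t0)     # owner's next click rotates the token
    replayed_copy, _ = store.handle_request(sid, t0)  # copy is now stale: rejected
    owner_after, _ = store.handle_request(sid, t1)    # session was revoked for everyone
    # Scenario 2: the UI cost. Two tabs of the same user both hold token a0.
    sid2, a0 = store.login()
    tab1, _ = store.handle_request(sid2, a0)
    tab2, _ = store.handle_request(sid2, a0)          # honest request, still rejected
    return {"first_use": first_use, "replayed_copy": replayed_copy,
            "owner_after_replay": owner_after, "tab1": tab1, "tab2": tab2}


if __name__ == "__main__":
    print(demo())
```

A copy that is presented before the owner's next request is still accepted; rotation narrows that window and turns the owner's subsequent rejection into a signal the server can log and act on.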