[Owasp-testing] Copy Cookies

Jamuse jamuse at gmail.com
Thu Jul 22 05:56:24 EDT 2010


On Thu, Jul 22, 2010 at 6:03 AM, Zaki Akhmad <zakiakhmad at gmail.com> wrote:

> Hello,
>
> I found that the web application I am testing is vulnerable through its
> cookies. After I successfully log in with the userid and password provided,
> I can copy the cookies to another browser/computer so that he/she can
> enter the web application without logging in.
>
> How do I fix this vulnerability?
>

Per-request tokens are one way, but that may break the UI.

--
 - J
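
The per-request token approach mentioned in the reply, sketched as an added example (not code from this thread or from OWASP); the class and function names are hypothetical, and revoking the session on replay is an assumption of this sketch. It shows a copied cookie going stale after the owner's next request, and the UI cost: a second tab sending the same token is rejected.

```python
import hmac
import secrets


class RotatingSessions:
    """Each response issues a fresh token; only the newest one is accepted."""

    def __init__(self):
        self._sessions = {}  # session id -> (user, token expected next)

    def login(self, user):
        sid, token = secrets.token_urlsafe(16), secrets.token_urlsafe(32)
        self._sessions[sid] = (user, token)
        return sid, token

    def request(self, sid, token):
        """Validate the presented token and return the replacement token."""
        user, expected = self._sessions.get(sid, (None, ""))
        if user is None:
            raise PermissionError("no such session")
        if not hmac.compare_digest(expected, token):
            # A stale token means the cookie was replayed: revoke the session.
            del self._sessions[sid]
            raise PermissionError("stale token, session revoked")
        fresh = secrets.token_urlsafe(32)
        self._sessions[sid] = (user, fresh)
        return fresh


def accepted(store, sid, token):
    try:
        store.request(sid, token)
        return True
    except PermissionError:
        return False


def demo():
    store = RotatingSessions()
    # Case 1: cookie copied to another browser, then the owner keeps browsing.
    sid, t0 = store.login("alice")          # constructed sample user
    t1 = store.request(sid, t0)             # owner's next click rotates the token
    copied_ok = accepted(store, sid, t0)    # the copy replays the old value
    owner_after = accepted(store, sid, t1)  # session was revoked on replay
    # Case 2: the UI cost. Two tabs of the same user send the same token.
    sid2, u0 = store.login("bob")           # constructed sample user
    tab_a = accepted(store, sid2, u0)
    tab_b = accepted(store, sid2, u0)       # second tab is rejected
    return {"copied": copied_ok, "owner": owner_after, "tab_a": tab_a, "tab_b": tab_b}
```

Rotation only narrows the window: a copy that is used before the owner's next request is still accepted, which is why the sketch revokes the session as soon as a stale token appears.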