Re: Security and cookieless sessions
From: Nick (Nick@Bluefield.com.hk)
Date: 10/25/02
- Next message: Bill Chan: "Re: DES Algorithm (RC4 Encryption)"
- Previous message: Stefan Schachner[MS]: "RE: Security and cookieless sessions"
- In reply to: Stefan Schachner[MS]: "RE: Security and cookieless sessions"
- Next in thread: Stefan Schachner[MS]: "Re: Security and cookieless sessions"
- Reply: Stefan Schachner[MS]: "Re: Security and cookieless sessions"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Nick" <Nick@Bluefield.com.hk> Date: Fri, 25 Oct 2002 10:16:01 +0800
Stefan,
Thanks for your speedy reply.
We will be using SSL for encryption. I was just wondering if using
cookieless sessions was inhrently less secure than using session via
cookies.
I want to use the cookieless option as it's more flexible but I don't want
to comprimize security.
I assume you can also spoof a session that uses cookies. Is it much harder
or is the diffeerence so small they can be deamed the same?
Thanks
Nick
- Next message: Bill Chan: "Re: DES Algorithm (RC4 Encryption)"
- Previous message: Stefan Schachner[MS]: "RE: Security and cookieless sessions"
- In reply to: Stefan Schachner[MS]: "RE: Security and cookieless sessions"
- Next in thread: Stefan Schachner[MS]: "Re: Security and cookieless sessions"
- Reply: Stefan Schachner[MS]: "Re: Security and cookieless sessions"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
