Posted by howa on 06/11/07 13:44

1. For example, without SSL, If I capture my local LAN packet and
scanned the SESSION ID, is it possible to hijack the session?

2. So any recommendation for web apps session handling without SSL?

Thanks.

[Back to original message]