|
Posted by Sebastian Lisken on 11/12/65 12:00
Bruno Rafael Moreira de Barros <brunormbarros@gmail.com> wrote:
> Not nasty things, but session stealing.
I know about session stealing. I also know that the session ID can be
transmitted via a query string parameter or via a cookie if the browser
permits it. I presume you know that SID reverts to an empty string in
the latter case.
Sebastian
[Back to original message]
|