mawingpui
asked on
Session Fixation
Hi Experts,
I tried to use IBM Rational AppScan to scan the website, but the "Session Fixation" problem still comes up.
Page
login.asp -> default.asp -> logout.asp
"Session identifier not updated" problem seems to re-use the Session ID.
http://www.owasp.org/index.php/Session_Fixation_Protection
I tried to follow the example in the above, but was unsuccessful.
Is it able to do the following?
- Renew the ASPSESSIONID
- Cookieless Session
- Encrypted URL