[JBoss Seam] - Re: sessionId cookie: man-in-the-middle attack - jboss-user

Saturday, 2 June 2007

...
 your site is http, but post-login, it changes to https 
Ohh, I guess you mean pre-login. Like one could be browsing a site using HTTP. Then, when
clicking a login link or payment link one would get to a HTTPS page at which the
credentials are entered. So, the credentials are encrypted as well.

Yes, I assume Gavin's idea to rotate the cookie whenever the protocol changes might be
good.

View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4050712#...

Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

[JBoss Seam] - Re: sessionId cookie: man-in-the-middle attack