Last post Jun 08, 2011 10:07 AM by Will Steele
Jun 08, 2011 07:39 AM|Will Steele|LINK
A recent WebScarab scan identified an issue where session IDs are being sequentially generated. I am thinking it might be possible to write a custom httpModule to handle this, but I need some direction on how I would approach this. If anyone knows of code snippets that might help, I'd be fine with links.
Jun 08, 2011 07:44 AM|nobdy|LINK
Check this article.
This is a step-by-step implementation of an HttpModule.
I hope this helps.
Jun 08, 2011 10:07 AM|Will Steele|LINK
Thanks, I'll dig into that one. About the issue of SessionIDs, the application I am working with is a matured system that is about to be sunset. I am trying to simply fix an issue for PCI. Are there any good discussions of how to handle cookie randomization for existing systems? Unfortunately, the third party vendor is not open to recoding the application because this would require a widespread rearchitecturing of the system.
Also, any good in-depth breakdowns of how cookies are handled by the IIS/ASP.NET pipeline would be good to see. If I understood more about how the relationship between cookies/sessions is handled in the request and internally it would make handling the dynamic requite a little easier.