This Article 
   
 Share 
   
 Bibliographic References 
   
 Add to: 
 
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb
 
 Search 
   
Leaky or Guessable Session Identifiers
January/February 2011 (vol. 15 no. 1)
pp. 88-91
Stephen Farrell, Trinity College Dublin
Many Internet and Web applications use session identifiers. Too often, developers of those applications make the bad assumption that all is well because session identifiers are only known to authorized users. However, in many cases, session identifiers can leak out or be guessed, sometimes trivially. If presenting an identifier is the only authorization an application requires, it can represent an easily exploited vulnerability. Although these vulnerabilities are old and well-known, some recent examples of problems arising from them show that developers must remain on guard against them.
Index Terms:
session identifier security, brute-force, guessing, information leakage
Citation:
Stephen Farrell, "Leaky or Guessable Session Identifiers," IEEE Internet Computing, vol. 15, no. 1, pp. 88-91, Jan.-Feb. 2011, doi:10.1109/MIC.2011.12
Usage of this product signifies your acceptance of the Terms of Use.