26 Feb
2002
26 Feb
'02
10:25 a.m.
But for most realistic scenarios, sessionid theft is not critical and probably not even exploitable, provided the attacker cannot sniff all traffic between server and client.
Jim, this was a tremendously useful explanation written in easy to understand way. Thank you very much indeed! -- Milos Prudek