19 Feb
2002
19 Feb
'02
5:52 p.m.
The only information in the cookie is the browser ID -- just a unique key to retrieve the session data saved on the server. The key is NOT cryptographically secure -- capturing the key would enable you to steal a session if the application didn't check for that. This is intended,
This raises an interesting question: How do you check in the application if section was stolen? -- Milos Prudek