Cookies Secure Problem
Scott Battaglia
scott.battaglia at gmail.com
Mon Sep 17 09:49:31 EDT 2007
According to the servlet specification, setting a cookie timeout to a
negative number means it will not be stored. You'll see that all CAS
cookies are set to -1 and are thus removed when the browser is closed (it's
also the default value).
-Scott
On 9/17/07, lllgg <sllai at cashq.ac.cn> wrote:
>
>
> en, I C, what about the other question,
> to disable or expire the TGC in IE, etc.
> On the server side the TGC can be deleted after
> several mins or hours. When I close IE
> and open it again I have to log in again because
> the TGC expires after IE is closed. How does
> CAS do this? I checked the code and am confused.
>
> Marat Radchenko-2 wrote:
> >
> > If attacker has access to browser cache it is very likely that he also
> > can run keylogger and simply read user password. Such attacks are out
> > of CAS scope.
> >
> > 2007/9/17, lllgg <sllai at cashq.ac.cn>:
> >>
> >> Hi, I use CAS for several apps, and I'm confused about how CAS
> >> protects the cookies after they are received from the server. The hacker
> >> can't attack during transfer when using SSL. But if he can get the cookies
> >> from the system directory to get the TGC and ...
> >> The other question is: if I logged in and then closed IE etc., I should
> >> log in again. I have read the source code and I didn't get how CAS
> >> disables or deletes the TGC; in other words, how does it work? I didn't
> >> find the code or configuration file.
> >> Thanks.
> >> --
> >> View this message in context:
> >> http://www.nabble.com/Cookies-Secure-Problem-tf4465331.html#a12731906
> >> Sent from the CAS Users mailing list archive at Nabble.com.
> >>
> >> _______________________________________________
> >> Yale CAS mailing list
> >> cas at tp.its.yale.edu
> >> http://tp.its.yale.edu/mailman/listinfo/cas
> >>
>
--
-Scott Battaglia
LinkedIn: http://www.linkedin.com/in/scottbattaglia
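
An added example, not part of the original message or of the CAS code base: a small check that classifies a `Set-Cookie` header as session-only (memory only, gone when the browser closes) or persistent (written to disk), and flags a missing `Secure` attribute. It assumes that a servlet cookie with a negative max age reaches the browser with no `Max-Age` or `Expires` attribute; the cookie name `CASTGC` and all header values are constructed sample data.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

def parse_set_cookie(header):
    """Split a Set-Cookie value into (name, attrs); attribute names lower-cased."""
    first, *rest = [p.strip() for p in header.split(";")]
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        if key.strip():
            attrs[key.strip().lower()] = val.strip()
    return first.partition("=")[0].strip(), attrs

def lifetime(attrs, now):
    """'session' = kept until the browser closes; 'persistent' = stored on disk."""
    if "max-age" in attrs:                  # Max-Age wins over Expires (RFC 6265)
        try:
            return "persistent" if int(attrs["max-age"]) > 0 else "deleted"
        except ValueError:
            pass                            # unparsable Max-Age is ignored
    if "expires" in attrs:
        try:
            when = parsedate_to_datetime(attrs["expires"])
            if when.tzinfo is None:
                when = when.replace(tzinfo=timezone.utc)
            return "persistent" if when > now else "deleted"
        except (TypeError, ValueError):
            pass                            # unparsable date is ignored
    return "session"

def audit(header, now):
    """Return findings for one Set-Cookie header; an empty list means it passes."""
    name, attrs = parse_set_cookie(header)
    findings = []
    if lifetime(attrs, now) == "persistent":
        findings.append(f"{name}: persistent, survives browser close")
    if "secure" not in attrs:
        findings.append(f"{name}: no Secure attribute, may be sent over plain HTTP")
    return findings

# Constructed sample headers (ticket values are placeholders).
NOW = datetime(2007, 9, 17, 13, 49, 31, tzinfo=timezone.utc)
SESSION_TGC = "CASTGC=TGT-1-PLACEHOLDER; Path=/cas; Secure"
PERSISTENT_TGC = "CASTGC=TGT-2-PLACEHOLDER; Path=/cas; Max-Age=7200"
LOGOUT_TGC = "CASTGC=; Path=/cas; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Secure"

if __name__ == "__main__":
    for h in (SESSION_TGC, PERSISTENT_TGC, LOGOUT_TGC):
        print(h, "->", audit(h, NOW) or "ok")
```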