Session Swapping & Overlapping
Yesterday I was asked by my Project Manager to give a review on some of the projects which I had been reviewing for the last two weeks.
When I pointed out to him that the applications have a problem maintaining cookies and there's also a problem of session hacking, he argued that it was a browser issue... but as far as I know, session management has to be taken care of by the developer himself and is not dependent on the browser...
He gave me the example of Gmail and I pointed out Yahoo... but we still couldn't reach a conclusion.
What do you guys say? What's your take on the issue?
Re: Session Swapping & Overlapping
I feel that sessions need to be maintained by developers and are in no way related to browsers.
For a badly developed application, one can easily hack sessions through browsers, and it's up to the developer to make it secure.