Re: saving session cookies?

From: Javier Fernandez-Sanguino (jfernandez@germinus.com)
Date: Thu Mar 16 2006 - 04:17:04 EST

• Next message: Christine Kronberg: "Re: Triggering IDS"
• Previous message: Roman Medina-Heigl Hernandez: "Re: HTTP proxy/redirector to a unique virtual host ...."
• In reply to: offset: "Re: saving session cookies?"
• Next in thread: Johanna Berg: "RE: saving session cookies?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

offset wrote:
> Hi Lee,
>
> Thanks for the feedback, however
>
> To my knowledge, session cookies are not stored on disk (by design), at least on any browser that I have used.

That really depends on what the server says (and what you "accept" on
the browser). Cookie lifetime is set on server headers, typically
session cookies will be only stored on memory if the server did not
provide an expiration, but some applications set expiration dates for
session cookies (sometimes on purpose) that makes the cookie be stored
on disk.

In any case, you might be interested in taking a look at WebScarab, when
saving a navigation session you get a few files in the navigation
session including a 'cookies' file which includes all cookies that the
proxy has seen throughout the session (regardless of expiration
information given by the server)

Alternatively, as said previously, you can use the "Add N Edit Cookies"
extension in Mozill and use the Cookie Editor to change the expiration
dates of the cookies so that you force Mozilla to store them in the
cookies file (regardless of what the server says)

Regards

Javier

------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security?
As attacks through web applications continue to rise, you need to proactively
protect your applications from hackers. Cenzic has the most comprehensive
solutions to meet your application security penetration testing and
vulnerability management needs. You have an option to go with a managed
service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm).
Download FREE whitepaper on how a managed service can help you:
http://www.cenzic.com/forms/ec.php?pubid=10025
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request@cenzic.com
------------------------------------------------------------------------------

• Next message: Christine Kronberg: "Re: Triggering IDS"
• Previous message: Roman Medina-Heigl Hernandez: "Re: HTTP proxy/redirector to a unique virtual host ...."
• In reply to: offset: "Re: saving session cookies?"
• Next in thread: Johanna Berg: "RE: saving session cookies?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:41 EDT