[WEB SECURITY] IP address change: relogin

Stephan Wehner stephanwehner at gmail.com
Thu May 22 15:20:02 EDT 2008

On Wed, May 21, 2008 at 8:27 PM, Bil Corry <bil at corry.biz> wrote:
> One final method that I've contemplated, but haven't had time to build a
> PoC, is to use HTTP Digest Authentication and use XHR to passively
> "authenticate" the user with the username being their session ID, and the
> password a random value.  Then using Digest's nonce, you can prevent replay
> attacks, etc.  The downside is you have to initially seed the browser with...

Similar to this one?
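The server side of the scheme sketched in the quoted message, as an added example that is not part of the original thread: the session ID is the Digest username, a random per-session value is the password, and the RFC 2617 nonce count (`nc`) is tracked so a captured request cannot be replayed. The class name, method names, realm and the in-memory stores are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

REALM = "session"  # assumed realm name, not from the thread


def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()


def digest_response(user, password, method, uri, nonce, nc, cnonce, realm=REALM):
    """RFC 2617 response value for qop=auth, as the browser computes it."""
    ha1 = md5_hex(f"{user}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")


class SessionDigestVerifier:
    """Hypothetical verifier: username = session ID, password = random seed."""

    def __init__(self):
        self.passwords = {}  # session ID -> random per-session password
        self.nonces = {}     # server nonce -> highest nonce count accepted

    def new_session(self):
        sid, pw = secrets.token_hex(16), secrets.token_hex(16)
        self.passwords[sid] = pw  # pw must reach the browser once (the "seed")
        return sid, pw

    def challenge(self):
        nonce = secrets.token_hex(16)
        self.nonces[nonce] = 0
        return nonce

    def verify(self, sid, method, uri, nonce, nc, cnonce, response):
        if sid not in self.passwords or nonce not in self.nonces:
            return False  # unknown session or a nonce this server never issued
        try:
            count = int(nc, 16)  # nc is an 8-digit hex counter
        except ValueError:
            return False
        expected = digest_response(sid, self.passwords[sid], method, uri, nonce, nc, cnonce)
        if not hmac.compare_digest(expected.encode(), response.encode()):
            return False  # wrong secret, or method/uri/nc differ from what was signed
        if count <= self.nonces[nonce]:
            return False  # nonce count not increasing: replayed or stale request
        self.nonces[nonce] = count
        return True
```

Because the method and URI are hashed into the response, a value captured for one request does not validate for a different one even before the nonce count is checked.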


