In most cases, an application has a specific name that is always used for an associated session cookie. In other cases, the name of the cookie begins with a known string, such as ASPSESSIONID or MYAPPSESSION, and ends with a random or unpredictable suffix. In these cases, SessionLinker prevents users from presenting more than one of these cookies, and still enforces the expected session linking.
If SessionLinker detects multiple potential session cookies, it automatically blocks access, destroys each of the cookies, and then does one of the following tasks:
|
Copyright © 2014 CA.
All rights reserved.
|
|