On Friday, October 17, 2014 5:51:18 PM UTC-4, Dave S wrote: > > > > On Friday, October 17, 2014 1:15:39 PM UTC-7, Anthony wrote: > >> I was simply pointing out that sessions do not technically expire on the >> server side. The browser expires sessions by ceasing to return the session >> cookie. If an attacker steals the cookie and keeps sending it, then the >> server does nothing to expire the session. However, Auth logins can expire, >> but that is a different matter. >> >> > What's the model for an attacker stealing a cookie? Does it require > access to the user's machine, or would a man-in-the-middle attack (with a > wild proxy, for instance) work? >
Can be done via MITM attack. -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
