RML wrote:
Yes, IE gives me 2 session id's. That what I expected to get on a multi-tab
browser too.
Are you *sure* of that ?
If you click twice on the blue e, you'll get two instances of the
application, and then two different session id.
But if you get a new windows of the same instance with CTRL-N,
connecting from that windows should get you the same ID.
Just tested that and that worries me even more... Got the same session-id
too. Which means that an administrator uses the same session id as a regular
user does. Doesn't sound too good.
If you start FF as a different user on XP, you'll get separate instance
and separate ids. If you talk about identifying differently on your
site, you will not be ablt to do that with cookie based identification.
_______________________________________________
Mozilla-security mailing list
[email protected]
http://mail.mozilla.org/listinfo/mozilla-security
