Google Blogoscoped

Orkut session expiry Proof-of-Concept cookie disclosed

Juha-Matti Laurio [PersonRank 10]

Sunday, July 15, 2007

Two Proof-of-Concept cookies have been disclosed to demonstrate that Orkut doesn't remove the Google Authentication cookie to kill the Orkut session.
The reporter writes the conclusion:
"Hijacked session can be used for 14 days by the hijacker because logging out does not kill the session."

The original mailing list posting posted recently is this:
http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064649.html

The example session was created on 30th June, then logged out and it was working until this Sunday.
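
An added example, not part of the original post or of the disclosure it links to: a minimal model of the reported behaviour, in which logout only clears the browser cookie while the server-side session stays valid for its 14-day lifetime, next to a logout that revokes the session on the server. The `SessionStore` class, the `session` cookie name and the user `alice` are hypothetical and do not describe Orkut's or Google's actual implementation.

```python
import secrets

SESSION_TTL = 14 * 24 * 3600  # 14 days, the lifetime quoted in the report
DAY = 86400


class SessionStore:
    """Constructed server-side session table: token -> (user, expiry)."""

    def __init__(self):
        self._sessions = {}

    def login(self, user, now):
        token = secrets.token_urlsafe(32)
        self._sessions[token] = (user, now + SESSION_TTL)
        return token

    def validate(self, token, now):
        """Return the user for a live token, else None."""
        user, expires = self._sessions.get(token, (None, 0))
        if user is None or now >= expires:
            self._sessions.pop(token, None)
            return None
        return user

    def logout_client_only(self, token):
        # Weak: only tells the browser to drop its cookie; server record stays.
        return "Set-Cookie: session=; Max-Age=0"

    def logout_revoke(self, token):
        # Hardened: delete the server-side record, then clear the browser cookie.
        self._sessions.pop(token, None)
        return "Set-Cookie: session=; Max-Age=0"


def replay_after_logout(logout_name, days_later):
    """Log in at t=0, log out, then present a retained copy of the token."""
    store = SessionStore()
    token = store.login("alice", now=0)
    getattr(store, logout_name)(token)
    return store.validate(token, now=days_later * DAY)


if __name__ == "__main__":
    for name in ("logout_client_only", "logout_revoke"):
        for days in (1, 13, 15):
            print(name, days, replay_after_logout(name, days))
```

With the client-only logout the retained token keeps validating until the 14-day expiry; with server-side revocation it is rejected immediately after logout.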

/pd [PersonRank 10]

17 years ago #

This issue was still in the wild. Google has not taken action to fix this.

Juha-Matti Laurio [PersonRank 10]

17 years ago #

Thanks for the additional info.
