Thanks for the information. If that's the case, then if I inject a valid MYSAPSSO2 cookie to a totally different session, it will be authenticated automatically, right?
So there is a possibility of session hijacking.
↧
Channel:
SCN: Message List - SAP Single Sign-On
X
Are you the publisher?
Claim or
contact us
about this channel.
X
0
Channel Details:
- Title: SCN: Message List - SAP Single Sign-On
- Channel Number: 20323599
- Language: English
- Registered On: June 30, 2013, 9:48 pm
- Number of Articles: 2732
- Latest Snapshot: July 17, 2016, 5:29 am
- RSS URL: http://scn.sap.com/community/feeds/messages?community=2424
- Publisher: http://scn.sap.com/community/sso?view=discussions
- Description: Most recent forum messages
- Catalog: //netweaver140.rssing.com/catalog.php?indx=20323599
© 2025 //www.rssing.com