Question re session hijacking in dual stack environments w/MacOS
- Subject: Question re session hijacking in dual stack environments w/MacOS
- From: laszlo at heliacal.net (Laszlo Hanyecz)
- Date: Sat, 26 Sep 2015 15:39:03 +0000
- In-reply-to: <[email protected]>
- References: <[email protected]>
On 2015-09-26 14:34, David Hubbard wrote:
> Websites that require some type of authentication that is handled via
> session cookies have been booting our users out randomly with "your ip
> address has changed" type message. This occurs when their Mac decides
> to switch between protocols because the site views it as a session
> hijacking attempt when Joe User with session ID xyz switches from
> 192.0.2.10 to 2001:db8::1:1:a or vice versa.
This sounds like a really poor practice on the part of the website
operators. Users on wireless devices may be switching networks
throughout the same session (Wi-Fi/LTE), or there could be a cluster of
proxies, or short DHCP leases, or Tor circuit changes, or privacy
extensions, etc. This is almost as bad as using GeoIP databases to
authenticate.
-Laszlo
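The two session-check policies the thread contrasts, as an added example that is not code from the original messages or from any site they describe. It assumes a server-side session store keyed by a random token; the two addresses are the ones quoted above, used as constructed input. The IPv4-mapped normalization (a dual-stack listener bound to a v6 socket may report a v4 client as ::ffff:192.0.2.10) and the step-up threshold are my additions, not anything the thread states.

```python
import hmac
import ipaddress
import secrets

# Constructed sample input: the addresses quoted in the original message.
V4 = "192.0.2.10"
V6 = "2001:db8::1:1:a"


def normalize(addr: str) -> str:
    """Canonical text form of a client address.

    Unwraps IPv4-mapped IPv6 (::ffff:192.0.2.10 -> 192.0.2.10), which a
    dual-stack server listening on a v6 socket may report for a v4 client,
    and lower-cases/compresses v6 so the same host compares equal.
    """
    ip = ipaddress.ip_address(addr)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return str(ip)


class Session:
    """Minimal server-side session record (assumed design, not any site's)."""

    def __init__(self, user: str, client_addr: str, now: float):
        self.user = user
        self.token = secrets.token_urlsafe(32)        # 256-bit random identifier
        self.first_addr = normalize(client_addr)
        self.addr_history = [(now, self.first_addr)]  # (timestamp, address)
        self.last_seen = now


def strict_ip_check(session: Session, presented_token: str, client_addr: str) -> str:
    """The practice the thread criticizes: the session is bound to one address.

    Any change, including a v4/v6 flip by a dual-stack client, is treated
    as hijacking and the user is thrown out.
    """
    if not hmac.compare_digest(session.token, presented_token):
        return "reject: bad token"
    if normalize(client_addr) != session.first_addr:
        return "reject: ip changed"
    return "ok"


def tolerant_check(session: Session, presented_token: str, client_addr: str,
                   now: float, idle_limit: float = 1800.0) -> str:
    """Identity rests on the unguessable token plus an idle timeout.

    An address change is recorded as a risk signal for later policy
    decisions, not treated as proof of hijacking.
    """
    if not hmac.compare_digest(session.token, presented_token):
        return "reject: bad token"
    if now - session.last_seen > idle_limit:
        return "reject: idle timeout"
    addr = normalize(client_addr)
    if addr != session.addr_history[-1][1]:
        session.addr_history.append((now, addr))
    session.last_seen = now
    return "ok"


def needs_step_up(session: Session, now: float,
                  max_distinct: int = 3, window: float = 600.0) -> bool:
    """Soft signal (assumed policy): ask for re-authentication before a
    sensitive action if the session has hopped between more than
    `max_distinct` distinct addresses inside the last `window` seconds.
    A single v4<->v6 flip never trips this."""
    recent = {a for t, a in session.addr_history if now - t <= window}
    return len(recent) > max_distinct


def demo() -> dict:
    """Walk one dual-stack client through both policies; returns the outcomes."""
    s = Session("joe", V4, now=1000.0)
    out = {
        "strict_same_addr": strict_ip_check(s, s.token, V4),
        "strict_after_v6_flip": strict_ip_check(s, s.token, V6),
        "tolerant_after_v6_flip": tolerant_check(s, s.token, V6, now=1010.0),
        "tolerant_mapped_v4": tolerant_check(s, s.token, "::ffff:" + V4, now=1020.0),
        "tolerant_bad_token": tolerant_check(s, "x" * 43, V6, now=1021.0),
        "step_up": needs_step_up(s, now=1021.0),
        "distinct_addrs": len({a for _, a in s.addr_history}),
    }
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The strict policy rejects the very flip the quoted message describes; the tolerant one keeps the session alive on the strength of a 256-bit token and a timeout, and only uses address churn as input to a step-up decision on sensitive operations. Note that with IPv4-mapped normalization the v4 revisit is recorded as the same address as the original login, so the history holds two distinct addresses, not three.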