Ars Technica

How to kill a user's session, without being in that session?

I've got a weblogic server with a J2EE app in it that will have a set of users hitting it. I need to, as someone with admin privs to the server, be able to kill a user's session without affecting ...
Bleeping Computer

New (but Old) Technique Hijacks User Sessions on All Windows Versions

A security researcher has detailed a way to log into any account on the same computer, even without knowing its password. The trick works on all Windows versions, doesn’t require special privileges, ...
Computer Weekly

Session fixation protection: How to stop session fixation attacks

Question: What is session fixation and how can I protect my users from it? Session fixation is a vulnerability caused by incorrectly handling user sessions in a Web application. A user’s session is ...
ZDNet

Advertisers can track users across the Internet via TLS Session Resumption

An academic paper published last month has shed new light on a new user tracking technique that takes advantage of a legitimate mechanism associated with the TLS (Transport Layer Security) protocol ...
WeLiveSecurity

What’s the deal with session-replay scripts?

All of us probably have some understanding that, on the internet, you’re never alone and nothing that you do is entirely secret. Website administrators, for example, are known to use a number of ...
Ars Technica

apache and user sessions, mod_session or memcached

i have load balanced httpd servers and recently found an issue with my haproxy configs where i was in a "one or the other" config, and not actually balancing traffic between instances. since ...