* Posts by Matt Kenny

1 publicly visible post • joined 3 Aug 2007

Flash: Public Wi-Fi even more insecure than previously thought

Matt Kenny

Work-around?

This is just my 2 cents, but I would be inclined to think, that once the SSL session has been established, it would be easier to simply issue a new session ID. So long as it is transmitted within the SSL session, it is safe from interception (unless the SSL session itself is compromised, in which case session hijacking is the least of your worries). Granted, there is still a window during which the cookie is vulnerable, but it is significantly shortened.