Forum Discussion
Wynand_van_Nisp
Jun 23, 2008Nimbostratus
I spoke to the client and they were not to happy to do a SSL trace due to the fact that they are a bank but explained it like this :
1. Logon – Site sends cookie with Name: ASPNET_SessionId
2. Open new tab.
3. Navigate to site in new tab, now the ASPNET_SessionId is passed to the site because the site is the same
4. Logon again, cookie gets updated with a new session ID
5. Switch back to first tab and carry on navigating
6. From this point on the new session ID is being passed to the web site so navigation carries on as if it’s the second login, and not the first login.
Hopefully this makes more sense.
Thanks for the help.
Wynand