Hi there,
I am trying to counter a session hijack example.
I log in with my Chrome browser and, with the use of JS, I set my cookie (in Firefox) to be the same as the one in Chrome. I am able to log in automatically (as my session IDs are stored in the DB).
I have a validation which then checks if I am coming from the right “user agent”. Obviously, now being in Firefox, I get kicked out, but my cookie does not get removed.
Using an alert in JS (“document.cookie”), I have the same cookie twice with different values. I cannot delete the cookie entirely until I clear my browser cookies.
I tried to unset the cookie name and also setcookie(name, '', 1 yr old). Nothing.
How can I completely clear the whole cookie?
Thanks for any help,
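
Added example, not part of the original post: a browser identifies a cookie by name, domain and path together (RFC 6265), so two cookies with the same name can coexist, and a deletion that names a different path or domain leaves one behind. The JavaScript below models that store and builds the full set of expiry instructions. The `CookieJar` class, the `expiryVariants` helper, the host `www.example.test` and the paths are constructed for illustration, and it assumes the duplicate came from differing paths, which the post does not show.

```javascript
// Model of the browser cookie store (constructed; not real browser code).
// RFC 6265 identifies a cookie by (name, domain, path), not by name alone.
class CookieJar {
  constructor() { this.store = new Map(); }

  // Apply one Set-Cookie-style instruction. An expiry in the past deletes
  // only the entry whose name, domain and path all match.
  set({ name, value = '', domain = '', path = '/', expires }) {
    const key = [name, domain, path].join('|');
    if (expires !== undefined && expires <= Date.now()) this.store.delete(key);
    else this.store.set(key, { name, value, path });
  }

  // Roughly what document.cookie returns for a page at reqPath
  // (cookies with longer paths are listed first).
  visible(reqPath) {
    return [...this.store.values()]
      .filter(c => reqPath === c.path ||
                   reqPath.startsWith(c.path.endsWith('/') ? c.path : c.path + '/'))
      .sort((a, b) => b.path.length - a.path.length)
      .map(c => `${c.name}=${c.value}`)
      .join('; ');
  }
}

// Every (domain, path) pair a cookie visible at host + reqPath could carry.
function expiryVariants(name, host, reqPath) {
  const labels = host.split('.');
  const domains = [''];                 // '' = host-only cookie (no Domain attribute)
  for (let i = 0; i < labels.length - 1; i++) domains.push(labels.slice(i).join('.'));
  const segs = reqPath.split('/').filter(Boolean);
  const paths = ['/'];
  for (let i = 1; i <= segs.length; i++) paths.push('/' + segs.slice(0, i).join('/'));
  const out = [];
  for (const domain of domains)
    for (const path of paths) out.push({ name, domain, path, expires: 0 });
  return out;
}

// Constructed scenario: the server issued "sid" for "/", and a script copied a value in
// without a path, so the browser filed that copy under the page's directory, "/app".
function demo() {
  const jar = new CookieJar();
  jar.set({ name: 'sid', value: 'server-issued', path: '/' });
  jar.set({ name: 'sid', value: 'pasted-by-script', path: '/app' });
  const before = jar.visible('/app/login.php');
  jar.set({ name: 'sid', path: '/', expires: 0 });   // deletion that names only "/"
  const afterPartial = jar.visible('/app/login.php');
  for (const v of expiryVariants('sid', 'www.example.test', '/app/login.php')) jar.set(v);
  return { before, afterPartial, afterFull: jar.visible('/app/login.php') };
}
```

In a real page, each variant becomes one `Set-Cookie` header (or one `document.cookie` assignment) with an expiry date in the past and that variant's path and domain.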