User induced session stomping?
cantor.2 at osu.edu
Mon Aug 27 12:00:46 EDT 2012
On 8/27/12 11:58 AM, "Chad La Joie" <lajoie at itumi.biz> wrote:
>In theory, I think so. I don't believe the IdP does do that, however.
> In the case you noted you'll have one login context with a completed
>authentication recorded. In the case of the OP, you end up with
>multiple login contexts none of which has completed.
Yeah, I didn't think the IdP today did, just wondering if it was possible
with the brute force error message testing I do. Mostly I wondered how
Kevin knew that *that* was that cause of the error his users saw.
More information about the users