Tech Tip: cross site scripting with smsession cookie

Document created by HONGXU LIU (Employee) on Nov 6, 2015. Last modified by kristen.palazzolo on Dec 17, 2016.
Version 3


When a client enables the cross-site scripting check, will it stop the SMSESSION cookie from being passed in the URL?

 

No.

The SiteMinder SMSESSION cookie is a Base64-encoded string.
The standard Base64 index table is widely documented online: a 64-character alphabet consisting of upper- and lower-case Roman letters (A–Z, a–z), the numerals (0–9), and the "+" and "/" symbols. The "=" symbol is also used as a special suffix code. Generally, none of the characters in the client's cross-site scripting check configuration match the characters mentioned above.
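
The following is an added example, not part of the original tip and not SiteMinder code. It tests a character blocklist against the Base64 alphabet and against a Base64 value as it would appear in a URL, both raw and percent-encoded. The blocklist, the sample token and all function names are constructed for illustration.

```python
import base64
import string
from urllib.parse import quote

# Standard Base64 alphabet as described in the tip, plus the "=" padding suffix.
BASE64_CHARS = set(
    string.ascii_uppercase + string.ascii_lowercase + string.digits + "+/="
)

# Constructed blocklist (an assumption, not taken from product documentation):
# characters a cross-site scripting character check might be set to reject.
SAMPLE_XSS_BLOCKLIST = {"<", ">", "'", '"'}

# Constructed sample value, not a real session token. These bytes are chosen so
# the encoding contains "+", "/" and "=" padding: "+//+/w==".
SAMPLE_TOKEN = base64.b64encode(b"\xfb\xff\xfe\xff").decode("ascii")


def blocked_base64_chars(blocklist):
    """Return the Base64 characters that the given blocklist would reject."""
    return BASE64_CHARS & set(blocklist)


def check_url_value(value, blocklist):
    """Return the sorted blocklisted characters that occur in a URL value."""
    return sorted(set(value) & set(blocklist))


def audit(token, blocklist):
    """Check a token as-is and percent-encoded, as it may travel in a query string."""
    encoded = quote(token, safe="")  # "+", "/", "=" become %2B, %2F, %3D
    return {
        "raw": check_url_value(token, blocklist),
        "percent_encoded": check_url_value(encoded, blocklist),
    }


if __name__ == "__main__":
    print("Base64 chars hit by blocklist:", blocked_base64_chars(SAMPLE_XSS_BLOCKLIST))
    print("Sample token audit:", audit(SAMPLE_TOKEN, SAMPLE_XSS_BLOCKLIST))
    # A blocklist that also lists "%" flags the percent-encoded form of the token.
    print("With '%' added:", audit(SAMPLE_TOKEN, SAMPLE_XSS_BLOCKLIST | {"%"}))
```

Substitute the characters configured in your own check for `SAMPLE_XSS_BLOCKLIST`; an empty result confirms that the check will not reject a Base64 value in the URL.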
