2

Have received some reports from a customer (a very large company) they reported issues from clients who are using Facebook.

These clients claim that once in a while when they log in to Facebook they end up in someone else's session.

I know that network is NATed then Proxied before getting to Facebook.com.

Although I'm not able to explain how this issue can occur.

Is it possible that the Proxy is not sending the right session back to the clients?

How can they end up with someone else's session since Facebook is cookie based session??

Anyone seen this before?

Alex
  • 3,129
  • 21
  • 28

3 Answers3

1

There's a known vulnerability that makes Facebook susceptible to cross-site scripting attacks. It's possible that something like this is going on.

Here's a write-up of it.

squillman
  • 37,883
  • 12
  • 92
  • 146
  • Thanks for the answer, although, could that explain how a non-techy person end up browsing a colleague's facebook account simply by going on facebook.com? – Alex Mar 11 '11 at 16:04
1

Are they using a proxy service on the firewall? It may be possible that facebook related pages containing session cookies are getting cached. Depending on the order pages are loaded it could replace the session cookie with someone else's cookie.

It should be less of a problem with https connections which shouldn't be cached.

BillThor
  • 27,737
  • 3
  • 37
  • 69
0

NAT couldn't be the source of it, however a session is merely a cookiestring and if the same cookie string is sent out to multiple computers, then basically both computers would end up in the same session.

A proxy could do that, but that would mean that both facebook and the proxy does some rather problematic stuff. afaik facebook only sends out the session cookie string after login on the https site, which means that it shouldn't have been cached.

jishi
  • 868
  • 2
  • 11
  • 25