Login page behavior

I came across a strange behavior in one web application.
In one tab I logged into the web application, and in another tab I accessed the login page again. I was thrown out of the first, logged-in tab too.
Is this the desired behavior? I guess the session IDs are shared across tabs, and once logged in in one tab, one can access any page in other tabs.
Let me know if you have any answer.

Comments

Anonymous said…
CSRF tokens used by app? Login page would mean missing CSRF token, hence the reason for getting booted.
