Detecting Login State With Authenticated Redirects
Kuza55 had two nice writeups on how authenticated redirects can help you find out whether a user is authenticated to a website or not. The basic premise is that if you send a user through a redirect that only works when they are logged in, and have them land on a page that you control, you can tell from whether they arrive whether they are logged in or not. There is one other way to do this, also mentioned there, that uses Jeremiah's CSS history hack.
If you don't have control over where the redirect sends the user (if the redirect has a whitelist in it), that's still okay. You do three steps. First, you check with the CSS history hack whether the user's browser has already visited the whitelisted page you intend to redirect them to (in the case where that whitelisted destination is off-domain and not another secured page). If they haven't, you attempt to redirect them through the authenticated redirect. Then you check again using the CSS hack: if the state has changed so that their browser has now visited it, the redirect fired, and you know they are authenticated. Clear as mud? Nice find, Kuza55!
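The root cause on the server side is a redirect whose response differs with login state. Below is an added example, not code from the original post or from Kuza55's writeups, that models a login-gated whitelist redirect beside a version whose response is identical for authenticated and anonymous callers, plus the audit check a site owner would run against their own endpoint; the whitelist hosts and function names are constructed for the example.

```python
# Added example (not from the original post): a minimal model of an
# "authenticated redirect" endpoint next to a version whose response does
# not depend on login state, and the check that tells the two apart.
# Hypothetical names: REDIRECT_WHITELIST, redirect_vulnerable, redirect_fixed,
# response_depends_on_login. Whitelist hosts are constructed sample values.
from urllib.parse import urlsplit

REDIRECT_WHITELIST = {"partner.example.net", "docs.example.org"}  # constructed


def _host(url):
    """Hostname part of a URL, or '' if it has none."""
    return urlsplit(url).hostname or ""


def redirect_vulnerable(target, logged_in):
    """Login-gated redirect: anonymous callers get bounced to the login page,
    logged-in callers get the real redirect. The difference is the oracle
    the post describes (each return value is (status, Location))."""
    if not logged_in:
        return 302, "/login?next=/redir"
    if _host(target) in REDIRECT_WHITELIST:
        return 302, target
    return 400, None


def redirect_fixed(target, logged_in):
    """Same decision for every caller: the whitelist check alone decides,
    so an authenticated and an anonymous request get identical responses
    and the redirect no longer leaks session state."""
    if _host(target) in REDIRECT_WHITELIST:
        return 302, target
    return 400, None


def response_depends_on_login(handler, target):
    """Audit check: send the same request with and without a session and
    report whether status or Location differ. True means the endpoint
    can be used as a login-state oracle."""
    with_session = handler(target, logged_in=True)
    without_session = handler(target, logged_in=False)
    return with_session != without_session


if __name__ == "__main__":
    t = "https://partner.example.net/landing"
    print("vulnerable leaks login state:", response_depends_on_login(redirect_vulnerable, t))
    print("fixed leaks login state:     ", response_depends_on_login(redirect_fixed, t))
```

The same comparison can be run against a live endpoint by issuing the request once with a session cookie and once without, and diffing status code and Location header.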


