Test your browser

Cookies

  1. Set a cookie here.
  2. Try to get it back following a
    1. POST request
    2. GET request
    from this site to another. If your cookie is displayed, your session has been successfully ridden by this site.

HTTP Auth sessions

  1. Start an HTTP Auth session by clicking this link here. If you are using any kind of protection against Session Riding, this might fail (that would be a good thing!), and you will need to enter the username "foo" and the password "bar" manually.
  2. Click on this link here. If you are still authenticated (you didn't have to re-enter the credentials), your HTTP Auth session has been successfully ridden by this site.

Justus Winter
Last modified: Mon Dec 11 12:32:38 CET 2006