Google Chrome hijacked a coworker's session today.
All we can figure is that the user who was hijacked had logged into their gmail the other day and when the other employee came in this morning and connected to the wifi, DHCP assigned them the same IP, and google just continued the session which had been left open.
Has anyone had any experience like this? It's a bit concerning because these weren't corporate accounts or anything, and the employee had full access to the google account of the other without having to know the password.
The problem disappeared when we tried clearing stored data and reinstalling chrome.
The employee hadn't used the computer displaying this behavior in a while, is it possible that a session collision happened? The fact that it was another employee leads us to believe that it was somehow linked to the corporate IP address.
Any ideas?
2 comments
[ 3.3 ms ] story [ 17.5 ms ] threadGiven that you're using DHCP-assigned IP addresses, you're likely behind NAT. From Google's vantage point, both employees will appear to always have the same IP address as each other.
> is it possible that a session collision happened
Looking at my browser's session state, I suspect the session cookie is SSID, which is 21 bytes. Assuming it's a base64-encoded integer, it would be a 14-byte integer. I think that would make a collision a fairly rare occurrence.
I agree, I think the fact that these people are coworkers and both were using the network here is relevant, but I don't know enough about networks or google's account system to make good guesses as to what happened.
There would be something like 2^(14*8), or 5 million billion billion billion unique session ids. A collision occurring in the first place must be rare, for it to be two people who are coworkers must be some orders of magnitude more rare.