[niftich]

You can exploit the fact that HTTP caching sends the ETag back and forth. A server can set a crafted ETag and basically use it as a session ID. See [1][2]

[1] http://security.stackexchange.com/questions/12679/how-can-i-... [2] https://github.com/lucb1e/cookielesscookies/blob/master/inde...