Something I've recently been toying with is the idea of
encrypting/signing cookies with a private key on the server. The the
cookies can't be read or tampered with by the user, nor can they be
stolen by cross-site attacks and the like.
This isn't something I've done a lot of work with, however, so I may be
missing something obvious, and am open to comments on the idea.
Ron
Till Elsner wrote:
Hi, i'm investigating in web application security this time and i'm
trying to find some information about session management with cookies
and related security issues. Can anyone point me to tips on how to make
cookie based sessions more secure and how to prevent session hijacking?
How secure is session handling using cookies and what are the main
risks? Is anyone aware of good literature on that topic?
Thanks and have a nice day
Till
-------------------------------------------------------------------------
Sponsored by: WatchfireMethodologies & Tools for Web Application
Security AssessmentWith the rapid rise in the number and types of
security threats, web application security assessments should be
considered a crucial phase in the development of any web application.
What methodology should be followed? What tools can accelerate the
assessment process? Download this Whitepaper today!
https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F
-------------------------------------------------------------------------
-------------------------------------------------------------------------
Sponsored by: Watchfire
Methodologies & Tools for Web Application Security Assessment
With the rapid rise in the number and types of security threats, web application security assessments should be considered a crucial phase in the development of any web application. What methodology should be followed? What tools can accelerate the assessment process? Download this Whitepaper today!
https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F
-------------------------------------------------------------------------
