Re: Session security with cookies

[Paul Johnston <paj () pajhome org uk>]

Tim,

You may find my GSEC paper helpful 
http://westpoint.ltd.uk/advisories/Paul_Johnston_GSEC.pdf

The first bit on types of authentication is less relevant, but the 
latter should be useful.

Paul

> Hi, i'm investigating in web application security this time and i'm  
> trying to find some information about session management with cookies  
> and related security issues. Can anyone point me to tips on how to  
> make cookie based sessions more secure and how to prevent session  
> hijacking? How secure is session handling using cookies and what are  
> the main risks? Is anyone aware of good literature on that topic?
> Thanks and have a nice day
> Till



-------------------------------------------------------------------------
Sponsored by: Watchfire 
Methodologies & Tools for Web Application Security Assessment 
With the rapid rise in the number and types of security threats, web application security assessments should be considered a crucial phase in the development of any web application. What methodology should be followed? What tools can accelerate the assessment process? Download this Whitepaper today! 

https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F
-------------------------------------------------------------------------