WebApp Sec mailing list archives
RE: Session security with cookies
From: "Martin O'Neal" <martin.oneal () corsaire com>
Date: Wed, 5 Dec 2007 10:11:21 -0000
Encrypting or signing the data in the cookies is better than not doing it...
In an ideal world: - No data in cookies at all; all state should be held server side - Session identifier not dependent on data at all; it should be truly random and unique Martin... ------------------------------------------------------------------------- Sponsored by: Watchfire Methodologies & Tools for Web Application Security Assessment With the rapid rise in the number and types of security threats, web application security assessments should be considered a crucial phase in the development of any web application. What methodology should be followed? What tools can accelerate the assessment process? Download this Whitepaper today! https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F -------------------------------------------------------------------------
Current thread:
- Re: Session security with cookies, (continued)
- Re: Session security with cookies Aaron Katz (Dec 05)
- Re: Session security with cookies Till Elsner (Dec 05)
- Re: Session security with cookies Aaron Katz (Dec 05)
- Re: Session security with cookies Aaron Shelmire (Dec 08)
- Re: Session security with cookies Eduardo Tongson (Dec 08)
- Cryptographically Generated Cookies Paul Johnston (Dec 12)
- Re: Cryptographically Generated Cookies Andy Steingruebl (Dec 14)
- Re: Cryptographically Generated Cookies Jamie Riden (Dec 14)
- RE: Session security with cookies Martin O'Neal (Dec 12)
- Message not available
- Re: Session security with cookies Scott C. Sanchez (Dec 04)
- RE: Session security with cookies Martin O'Neal (Dec 05)