WebApp Sec mailing list archives

secure cookies


From: saghar estehghari <s.estehghari () gmail com>
Date: Thu, 12 Sep 2013 10:29:01 +0200

Hi,

In the system that I'm working on, we have some session cookies
on the client side that we need to protect against replay attacks!
So I found the following paper
http://www.cse.msu.edu/~alexliu/publications/Cookie/cookie.pdf and I
really like the way that they put things together. There is only one
problem with this, and that is the use of the SSL session key (this is
used for anti-replay purposes). I have some problems getting this
parameter in my code (we use the .NET Framework and the server is
running on IIS 7.0). So I was wondering whether anybody on the list has
implemented this method for his/her system and whether you have
suggestions on replacing this parameter with another one.

BTW, I know that server-side sessions are more secure than client-side
cookies, but my team currently prefers cookies to sessions.

Thanks

Saghar
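
The anti-replay idea the post describes, as an added example (not code from the post or from the paper): the cookie's MAC also covers a per-connection value, so a copy presented on another connection fails verification. `SERVER_KEY`, the field layout and `channel_id` (a stand-in for the SSL session key) are assumptions made for this example, and the cookie data is authenticated here, not encrypted.

```python
import hashlib
import hmac

# Constructed demo key (assumption); a real server loads this from a secret store.
SERVER_KEY = b"constructed-demo-server-key"


def _mac(key: bytes, *fields: bytes) -> bytes:
    # Length-prefix every field so ("ab", "c") and ("a", "bc") give different MACs.
    msg = b"".join(len(f).to_bytes(4, "big") + f for f in fields)
    return hmac.new(key, msg, hashlib.sha256).digest()


def issue_cookie(user: str, expires: int, data: str, channel_id: bytes) -> str:
    """Build user|expires|data|tag, where the tag also covers channel_id."""
    if "|" in user or "|" in data:
        raise ValueError("field separator not allowed inside a field")
    tag = _mac(SERVER_KEY, user.encode(), str(expires).encode(),
               data.encode(), channel_id)
    return "|".join([user, str(expires), data, tag.hex()])


def verify_cookie(cookie: str, channel_id: bytes, now: int) -> bool:
    """Accept only an unexpired cookie whose tag matches the current channel."""
    parts = cookie.split("|")
    if len(parts) != 4:
        return False
    user, expires, data, tag_hex = parts
    try:
        if int(expires) <= now:
            return False  # expired
        tag = bytes.fromhex(tag_hex)
    except ValueError:
        return False  # malformed expiry or tag
    expected = _mac(SERVER_KEY, user.encode(), expires.encode(),
                    data.encode(), channel_id)
    # Constant-time comparison avoids leaking how many tag bytes matched.
    return hmac.compare_digest(tag, expected)


if __name__ == "__main__":
    chan_a, chan_b = b"constructed-channel-A", b"constructed-channel-B"
    c = issue_cookie("alice", 2000, "role=user", chan_a)
    print("same channel:     ", verify_cookie(c, chan_a, now=1000))
    print("other channel:    ", verify_cookie(c, chan_b, now=1000))
    print("after expiry:     ", verify_cookie(c, chan_a, now=2000))
```

A cookie replayed on the same connection before it expires still verifies, so the binding narrows replay to that connection rather than removing it.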


