WebApp Sec mailing list archives
secure cookies
From: saghar estehghari <s.estehghari () gmail com>
Date: Thu, 12 Sep 2013 10:29:01 +0200
Hi,

In the system that I'm working on, we have some session cookies on the client side that we need to protect against replay attacks! So I found the following paper, http://www.cse.msu.edu/~alexliu/publications/Cookie/cookie.pdf, and I really like the way that they put things together. There is only one problem with this, and that is the use of the SSL session key (this is used for anti-replay purposes). I have some problems getting this parameter in my code (we use the .NET Framework and the server is running on IIS7.0). So I was wondering whether anybody on the list has implemented this method for his/her system and whether you have suggestions on replacing this parameter with another one.

BTW, I know that server-side sessions are more secure than client-side cookies, but my team currently prefers cookies to sessions.

Thanks,
Saghar
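An added example, not part of the original post and not code from the linked paper: a keyed-HMAC cookie in Python whose tag also covers a per-connection session key, which is the anti-replay binding the post refers to. The field layout, the names (`SERVER_KEY`, `issue_cookie`, `verify_cookie`, `demo`), the constructed session-key bytes and leaving the data field unencrypted are assumptions made for illustration.

```python
import hashlib
import hmac

SERVER_KEY = b"constructed-demo-server-key"  # constructed stand-in for the long-term server key


def _mac(key: bytes, *fields: bytes) -> bytes:
    # Length-prefix every field so ("ab", "c") and ("a", "bc") give different tags.
    msg = b"".join(len(f).to_bytes(4, "big") + f for f in fields)
    return hmac.new(key, msg, hashlib.sha256).digest()


def issue_cookie(user: str, data: str, expires: int, session_key: bytes) -> str:
    """Return user|expires|data|tag; the tag is bound to the issuing session."""
    if "|" in user or "|" in data:
        raise ValueError("field separator not allowed inside a field")
    u, e, d = user.encode(), str(expires).encode(), data.encode()
    k = _mac(SERVER_KEY, u, e)           # per-cookie key derived from the server key
    tag = _mac(k, u, e, d, session_key)  # session key is MACed, never stored in the cookie
    return "|".join([user, str(expires), data, tag.hex()])


def verify_cookie(cookie: str, session_key: bytes, now: int) -> bool:
    """Accept only an unexpired, unmodified cookie presented on the issuing session."""
    parts = cookie.split("|")
    if len(parts) != 4:
        return False
    user, expires, data, tag_hex = parts
    if not (expires.isascii() and expires.isdigit()) or int(expires) <= now:
        return False
    u, e, d = user.encode(), expires.encode(), data.encode()
    k = _mac(SERVER_KEY, u, e)
    try:
        presented = bytes.fromhex(tag_hex)
    except ValueError:
        return False
    return hmac.compare_digest(_mac(k, u, e, d, session_key), presented)


def demo() -> dict:
    now = 1_700_000_000                  # constructed clock value
    s1, s2 = b"\x01" * 32, b"\x02" * 32  # constructed stand-ins for two session keys
    c = issue_cookie("alice", "role=user", now + 600, s1)
    return {
        "same_session": verify_cookie(c, s1, now),
        "replayed_on_other_session": verify_cookie(c, s2, now),
        "tampered": verify_cookie(c.replace("role=user", "role=admin"), s1, now),
        "expired": verify_cookie(c, s1, now + 601),
    }
```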