Web Security - Session Identifier Cookie

About

A session cookie is a cookie that stores a session identifier.

HTTP servers commonly store the session identifier in a cookie.

Using session identifier cookies limits the damage an attacker can cause if the attacker learns the contents of a cookie, because the session identifier is useful only for interacting with the server (unlike non-nonce cookie content, which might itself be sensitive).
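The difference between a nonce cookie and a data-bearing cookie, as an added example that is not part of the original page. The cookie name `sid`, the in-memory `SESSIONS` store, the `HttpOnly`/`Secure`/`SameSite` attributes and the sample user are assumptions chosen for the illustration.

```python
import secrets
from http.cookies import SimpleCookie

# Server-side session store (in-memory for the example): session id -> data.
SESSIONS = {}

def login(username, role):
    """Create a session and return the Set-Cookie value carrying only a nonce."""
    sid = secrets.token_urlsafe(32)          # 256 bits from the OS CSPRNG
    SESSIONS[sid] = {"username": username, "role": role}
    cookie = SimpleCookie()
    cookie["sid"] = sid                      # "sid" is a name chosen for this example
    cookie["sid"]["path"] = "/"
    cookie["sid"]["httponly"] = True         # not readable from page scripts
    cookie["sid"]["secure"] = True           # sent over HTTPS only
    cookie["sid"]["samesite"] = "Lax"
    return cookie["sid"].OutputString()

def data_cookie(username, role):
    """Contrast: a cookie whose content is the data itself (non-nonce content)."""
    return f"profile={username}:{role}; Path=/"

def _sid_from(cookie_header):
    """Extract the session id from a request's Cookie header, if present."""
    jar = SimpleCookie()
    jar.load(cookie_header)
    return jar["sid"].value if "sid" in jar else None

def session_for(cookie_header):
    """Resolve a Cookie header to server-side session data, or None."""
    sid = _sid_from(cookie_header)
    return SESSIONS.get(sid) if sid else None

def logout(cookie_header):
    """Invalidate the session server-side; a copied cookie stops working."""
    SESSIONS.pop(_sid_from(cookie_header), None)

if __name__ == "__main__":
    set_cookie = login("alice", "admin")     # constructed sample user
    request_cookie = set_cookie.split(";")[0]
    print(set_cookie)                        # opaque value, no user data
    print(session_for(request_cookie))       # data is looked up on the server
    logout(request_cookie)
    print(session_for(request_cookie))       # None: the leaked value is now useless
    print(data_cookie("alice", "admin"))     # discloses username and role by itself
```

A leaked `sid` value reveals nothing on its own and can be revoked by deleting the server-side entry, whereas the data-bearing cookie discloses its content to anyone who reads it.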
