Web Security - Session Identifier Cookie


A session cookie stores a session identifier in a cookie.

HTTP servers commonly store the session identifier in a cookie.

Using session identifier cookies limits the damage an attacker can cause if the attacker learns the contents of a cookie because the session identifier is useful only for interacting with the server (unlike non-nonce cookie content, which might itself be sensitive)

Documentation / Reference

Powered by ComboStrap