Web Security - Session Identifier Cookie


About

A session cookie stores a session identifier in a cookie.

HTTP servers commonly store the session identifier in a cookie.

Using session identifier cookies limits the damage an attacker can cause if the attacker learns the contents of a cookie, because the session identifier is useful only for interacting with the server (unlike non-nonce cookie content, which might itself be sensitive).
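The following is an added example, not code from the original page: a server-side session store in Python where the cookie carries only a random identifier, the user data stays on the server, and destroying the session makes a leaked identifier worthless. The cookie name `sid`, the `SessionStore` class, the sample user record and the HttpOnly/Secure/SameSite attributes are assumptions chosen for illustration.

```python
import secrets
from http.cookies import CookieError, SimpleCookie

COOKIE_NAME = "sid"  # hypothetical cookie name


class SessionStore:
    """Server-side store: the cookie carries only a random identifier."""

    def __init__(self):
        self._sessions = {}  # session id -> user data, never sent to the client

    def create(self, user_data):
        sid = secrets.token_urlsafe(32)  # 32 random bytes from the OS CSPRNG
        self._sessions[sid] = dict(user_data)
        return sid

    def set_cookie_header(self, sid):
        cookie = SimpleCookie()
        cookie[COOKIE_NAME] = sid
        cookie[COOKIE_NAME]["path"] = "/"
        cookie[COOKIE_NAME]["httponly"] = True  # assumption: common hardening
        cookie[COOKIE_NAME]["secure"] = True
        cookie[COOKIE_NAME]["samesite"] = "Lax"
        return cookie.output(header="Set-Cookie:")

    def lookup(self, cookie_header):
        """Resolve a request's Cookie header to session data, or None."""
        try:
            cookie = SimpleCookie(cookie_header)
        except CookieError:
            return None
        morsel = cookie.get(COOKIE_NAME)
        return self._sessions.get(morsel.value) if morsel else None

    def destroy(self, sid):
        self._sessions.pop(sid, None)  # logout or server-side revocation


def demo():
    store = SessionStore()
    # Constructed sample record; it never appears in the cookie.
    sid = store.create({"email": "alice@example.test", "role": "admin"})
    header = store.set_cookie_header(sid)
    before = store.lookup(f"{COOKIE_NAME}={sid}")
    store.destroy(sid)
    after = store.lookup(f"{COOKIE_NAME}={sid}")
    return header, before, after
```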
