Computer networks
Alex, 2015-04-07 16:41:21

Can I use encrypted cookies to store sessions?

There is an idea to use encrypted signed (HMAC) Cookies to store the user session on the client side. There is a security issue where an attacker, knowing the key, can create a Cookie for any user. But this problem can be circumvented if, together with the user id, a part of the user's password hash is stored in the Cookie. Thus, the maximum that an attacker can do is to hack one user.
What could be the disadvantages of this method?


1 answer(s)
olamedia., 2015-04-07
@w999d

0_o
Your id cookies are not random, but by key? This is a vulnerability, yes...
If the session data is stored, then the loss of the key is a vulnerability in itself, the rest are a consequence.
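
An added example (not part of the original posts) of the binding the question describes: an HMAC-signed session cookie whose tag also covers the user's stored password hash. As a variation, the hash is mixed into the MAC input instead of being placed in the cookie; `SERVER_KEY`, `USERS` and the function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

SERVER_KEY = b"constructed-demo-key"  # assumption: one server-side signing key

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed user store: uid -> stored password hash
USERS = {42: hash_password("first password", b"constructed-salt")}

def mac_for(body, uid):
    # The stored password hash is part of the MAC input, so it never leaves
    # the server, yet a valid tag needs both SERVER_KEY and this user's hash.
    return hmac.new(SERVER_KEY, body + b"|" + USERS[uid], hashlib.sha256).digest()

def issue_cookie(uid, ttl=3600, now=None):
    now = time.time() if now is None else now
    body = json.dumps({"uid": uid, "exp": int(now + ttl)}, sort_keys=True).encode()
    b64 = base64.urlsafe_b64encode
    return (b64(body) + b"." + b64(mac_for(body, uid))).decode()

def verify_cookie(cookie, now=None):
    """Return the uid for a valid, unexpired cookie, otherwise None."""
    now = time.time() if now is None else now
    try:
        body_b64, mac_b64 = cookie.encode().split(b".")
        body = base64.urlsafe_b64decode(body_b64)
        mac = base64.urlsafe_b64decode(mac_b64)
        claims = json.loads(body)
        uid, exp = claims["uid"], claims["exp"]
        expected = mac_for(body, uid)  # user-store lookup on every request
    except (ValueError, KeyError, TypeError):
        return None  # malformed cookie or unknown user
    if not hmac.compare_digest(mac, expected):  # constant-time comparison
        return None
    return uid if now < exp else None

if __name__ == "__main__":
    cookie = issue_cookie(42)
    print("valid cookie ->", verify_cookie(cookie))
    USERS[42] = hash_password("second password", b"constructed-salt")
    print("after password change ->", verify_cookie(cookie))
```

Verification needs a user-store lookup on every request, so the session is no longer purely client-side, and changing the password invalidates every outstanding cookie for that user.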
