What is a session?
A session creates a file in a temporary directory on the server where registered session variables and their values are stored. This data will be available to all pages on the site during that visit.
A session is a term in computing – more specifically, networking – that gets thrown around a lot, but it can seem like jargon to the aspiring hacker. More importantly, the fifth layer is called the Session layer.
Cookies
Cookies are small repositories of data that are stored within your web browser by a web server. They are rife with security concerns, and some of them can even track your online activity. Whenever you visit a web site, the cookie stored in your browser serves as a type of ID cad Each additional time you log in or request resources from the same web server, the cookie saved in your browser sends its stored data to the webserver Though cookies make browsing the web a lot more convenient, they do have a lot of security drawbacks.
Types of Cookies and Security Problems
In theory, the only other online entity that can read cookies stored in your browser is the website that stored it there originally. However, it’s surprisingly easy for scripts to mine data from cookies, and there are some exceptionally dangerous types of cookies that are rife with security threats. The problem is that special types of cookies aren’t stored within your browser, so even if you opt for a different web browser (Firefox, Chrome, etc.), the cookie will still be active. If you attempt to delete the cookie but notice that it keeps coming back every time you restart your browser, you’ve discovered a zombie cookie and may need special security software to remove it.
Encrypt cookie data
HTTP cookies often come from the web server so consider encrypting cookie values. This adds a layer of protection since the browser client can’t decrypt the data. This makes it so that HTTP cookies are meaningful only to the back-end application. Server-side encryption adds more protection because the client can’t sniff the cookies. With encryption, the server becomes the sole source of truth for HTTP cookies. . A good approach is to prevent the client from knowing what the cookie means on the server. This prevents attackers from sniffing cookie values and crafting attacks on the server. This means there is no need to take the cookie value and assume it is valid on the server.
This blog's intent is to spread awareness about Cookies Hacking. We are not responsible if any damage occurs. This is for educational purposes only.
Comments
Post a Comment