Cookie Security: From a Developer’s Perspective
In this post we look at source code review, with a focus on cookie security: cookies carry the session identifier, and a cookie that is set without the right attributes is exposed to attacks such as XSS and session theft.
Cookie Security
What is Cookie
To identify a user, a web application assigns a session identifier that is stored on the client side as a value in a cookie. When the user browses the application, the application that set the cookie can read it back from the client and identify the user from the value it assigned.
For more details on exploitation issues with cookies, see my previous blog post:
https://gupta-bless.medium.com/exploiting-remember-me-cookie-for-account-takeover-4e8d5fd42d4b
Let’s look at the different flags that can be set on a cookie to make it secure.
HttpOnly
HttpOnly is not set to true
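As an added example (not code from the original post), the kind of check a reviewer can run over the `Set-Cookie` headers an application emits: it reports a cookie that lacks `HttpOnly`, and also the `Secure` and `SameSite` attributes covered later, and builds a hardened session cookie with Python's standard `http.cookies` module for comparison. The cookie names and values are constructed for the demo.

```python
from http.cookies import SimpleCookie

# Attributes a session cookie should carry; any that are absent are reported.
REQUIRED_ATTRS = ("httponly", "secure", "samesite")


def audit_set_cookie(header: str) -> dict:
    """Parse a Set-Cookie header value and report missing protective attributes.

    Attribute names are matched case-insensitively, as browsers do.
    """
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    missing = [a for a in REQUIRED_ATTRS if a not in attrs]
    # A SameSite value outside the three defined ones is treated as missing.
    if "samesite" in attrs and attrs["samesite"].lower() not in ("strict", "lax", "none"):
        missing.append("samesite")
    return {"name": name, "missing": missing, "ok": not missing}


def build_session_cookie(name: str, value: str, max_age: int = 3600) -> str:
    """Return a hardened Set-Cookie header value: HttpOnly, Secure, SameSite=Strict."""
    cookie = SimpleCookie()
    cookie[name] = value
    cookie[name]["httponly"] = True     # not readable from document.cookie (XSS)
    cookie[name]["secure"] = True       # only sent over HTTPS
    cookie[name]["samesite"] = "Strict" # not sent on cross-site requests
    cookie[name]["path"] = "/"
    cookie[name]["max-age"] = max_age
    return cookie[name].OutputString()


if __name__ == "__main__":
    # Constructed sample: a session cookie set without any protective flags.
    weak = "sessionid=abc123; Path=/"
    print("weak    :", audit_set_cookie(weak))
    hardened = build_session_cookie("sessionid", "abc123")
    print("hardened:", hardened)
    print("hardened:", audit_set_cookie(hardened))
```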