Tag: cookies

Found 476 results for 'cookies'.

1) authentication - Is using JWT token for "remember me" less secure than random session token?
2) web-application - Why are ASP.NET form authentication cookies deleted only on client side if client side can't be trusted?
3) cookies - Exploiting a potential ASP.NET web app Session Fixation vulnerability
4) web-application - JWT or session cookie for API for both web and mobile app?
5) cookies - Understanding Session Fixation Vulnerability
6) javascript - How to set a cookie for another domain
7) cookies - Double Submit Cookies vulnerabilities
8) man-in-the-middle - Signing Double Submit Cookies, where the value is a pseudo random string and a signature of it. Is this more secure?
9) hash - Is it secure to use a hash of a login token as an anti-csrf token?
10) web-application - Is same origin policy for web only useful because of cookies?
11) xss - Facebook's warning of self-xss
12) cookies - How to securely set a cookie on another subdomain?
13) web-application - Sending httpOnly cookie also in HTTP response body
14) webserver - Possible issues when one or more cookie not HttpOnly
15) xss - JWT cookie with CSRF token as a claim inside the JWT
16) cookies - Cookie-to-Header CSRF protection vs CORS
17) cookies - Cookie-to-header token CSRF protection
18) cookies - CSRF Protection Is Needed for GET Requests
19) cookies - Do I need CSRF token if I'm using Bearer JWT?
20) xss - http_only for cookies with JWT tokens
21) web-application - CSRF tokens in cookies?
22) authentication - How to do authentication when FE and BE are on different domains?
23) web-application - Remember me vs. persistent session for web applications
24) xss - Will same-site cookies be sufficient protection against CSRF and XSS?
25) authentication - How to implement secure user sessions using HttpOnly cookies?
26) authentication - Why not store password in cookie?
27) tls - MITM session injection/invalidation
28) appsec - Provide CSRF token to the front-end, if not present in the request headers
29) man-in-the-middle - Wouldn't transient cookies for session management increase effectiveness of MITM?
30) cookies - How is the session ID sent securely?
31) web-application - Does the ability for a user to choose the value of a session id cookie constitute a security flaw?
32) tls - Can a session be hijacked if the user is redirected from HTTPS to HTTP after login?
33) web-application - avoid hitting DB to authenticate a user on EVERY request in stateless web app architecture?
34) cookies - Hardening ASP.NET against session fixation: Should I change the session ID despite the additional Auth cookie?
35) tls - How to avoid session fixation (Login CSRF) by MitM attack without HSTS?
36) web-application - CSRF cookie vs session based tokens
37) php - Why not write the CSRF Token into the Session
38) cookies - How do I store session data on a server securely
39) php - Are PHP Sessions based on cookies or a cookie-IP pair?
40) firefox - How to store cookies from some sites but clear others when firefox closed?
41) firefox - Block cookies by name, not by site, in Firefox
42) windows-7 - Does copying all cookie *.txt files from XP to Win7 work?
43) html - Local Storage vs Cookies
44) security - Is it really dangerous to save hashed password in cookies?
45) asp.net - Security cookies ASP.NET
46) security - Is it safe to store (hashed) passwords in a cookie?
47) firefox - How is Craigslist tracking my actions in Firefox?
48) tls - What security issues are there when reading cookie with .htaccess?
49) passwords - Why use an authentication token instead of the username/password per request?
50) authentication - Token based authentication under http