Improving the Security of Session Management in Web Applications

Provided by: Katholieke Universiteit Leuven
Topic: Security
Format: PDF
Session management is a critical component of modern web applications, allowing a server to keep track of user-specific state, such as authentication status. Unfortunately, many applications deploy session management over an insecure HTTP channel, making them vulnerable to eavesdropping, session hijacking or session fixation attacks. In contrast, state-of-practice guidelines advocate deploying session management on a secure HTTPS channel, using the HttpOnly and Secure cookie attributes, effectively eliminating these well-known session management attacks.