Web Application Security
secure cookies Sep 12 2013 08:29AM
saghar estehghari (s estehghari gmail com)

In the system that i'm working on, we are having some session cookies
on the client side that we need to protect against the replay attack !
So I find the following paper
http://www.cse.msu.edu/~alexliu/publications/Cookie/cookie.pdf and I
really like the way that they put thing together. There is only one
problem with this and that is the use of SSL session key (this is used
for anti-replay purpose). I have some problems to get this parameter
in my code (we use .Net framework and the server is running on
IIS7.0). So I was wondering whether anybody in list has implemented
this method for his/her system and whether you have suggestion on
replacing this parameter with another one.

BTW, I know that server side sessions are more secure than client isde
cookies, but my team currently prefers cookies than sessions.



This list is sponsored by Cenzic
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now!

[ reply ]


Privacy Statement
Copyright 2010, SecurityFocus