Cookies and Sessions: A Study of what they are, how they can be Stolen and a Discussion on Security
Journal Title: International Journal of Advanced Computer Science & Applications - Year 2019, Vol 10, Issue 1
Abstract
Cookies and sessions are common and vital to a person’s experience on the Internet. Cookies were originally used to overcome a memoryless protocol while using a tiny amount of the system’s resources. Cookies make for a cohesive experience when shopping online, enjoying customized content, and even receiving personalized advertisements when casually surfing the Web. However, by design, cookies lack security. Our research begins by giving a background of cookies and sessions. It then introduces what session hijacking is and describes a lab that was constructed to test and show how a cookie can be stolen and replayed to gain authenticated access. Finally, the paper presents various countermeasures for common attacks and tools for checking authentication cookie vulnerabilities.
Authors and Affiliations
Young B. Choi, Yin L. Loo, Kenneth LaCroix