Securing Session Cookies or IDs over the Network

   Posted by: Rasik Jain   in Programming

Following are some security practices for transmitting session cookies safely between the web server and the client.

  • Serve any site that authenticates users over SSL/TLS (HTTPS), not only commercial ones; without it the session ID crosses the network in clear text and can be captured and replayed by anyone on the path.
  • Generate the session ID from a cryptographically secure random number generator with at least 128 bits of entropy, so an attacker cannot guess or brute-force a valid ID.
  • Avoid incremental or time-based session ID values; both let an attacker predict other users' IDs.
  • Issue a session cookie only after successful authentication, and generate a new ID at that point rather than reusing one the client presented before login; otherwise an attacker who planted an ID in the victim's browser can hijack the session (session fixation).
  • Never issue the session cookie as a persistent cookie (no Expires or Max-Age attribute), so it lives only in the browser's memory and is discarded when the browser closes rather than written to the user's hard disk.
  • Set the "Secure" flag on the session cookie, so the browser sends it over SSL/TLS connections only and never over plain HTTP.
  • Set the Path and Domain of the session cookie to the narrowest scope that works, so it is not sent to unrelated applications on the same host or to other subdomains; leaving Domain unset restricts the cookie to the issuing host, which is the narrowest possible scope.
  • Never store or pass session information in the URL or in hidden form fields; URLs end up in browser history, proxy and server logs, and Referer headers.
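The list above, worked through in code. This is an added example written for this page, not code from the original post: a small in-memory session store that draws IDs from the OS CSPRNG, replaces whatever ID the client presented when the user logs in, emits a Set-Cookie header with Secure, Path and no Expires/Max-Age, and an audit function that flags headers breaking those rules. The cookie name SESSIONID, the domain www.example.com, the path /app and the constructed sample headers are all assumptions; the HttpOnly flag is added hardening beyond the post's list.

```python
import hmac
import secrets
from http.cookies import SimpleCookie

SESSION_COOKIE = "SESSIONID"          # assumed cookie name
SESSION_ID_BYTES = 32                 # 256 bits from the OS CSPRNG
MIN_ID_CHARS = 22                     # 128 bits of base64 is about 22 characters


class SessionStore:
    """Server-side session table keyed by an unpredictable session ID."""

    def __init__(self):
        self._sessions = {}  # session_id -> session data

    def new_id(self):
        # secrets uses the OS CSPRNG; never derive IDs from counters or clocks.
        return secrets.token_urlsafe(SESSION_ID_BYTES)

    def login(self, presented_id, username):
        # Issue a fresh ID on successful authentication. Any ID the client
        # presented before login (possibly planted by an attacker) is dropped,
        # which defeats session fixation.
        self._sessions.pop(presented_id, None)
        sid = self.new_id()
        self._sessions[sid] = {"user": username}
        return sid

    def lookup(self, sid):
        if sid is None:
            return None
        # Constant-time comparison so the lookup does not leak matching prefixes.
        for known, data in self._sessions.items():
            if hmac.compare_digest(known, sid):
                return data
        return None


def set_cookie_header(session_id, path="/app", domain=None):
    """Build a Set-Cookie value following the post's rules."""
    parts = [f"{SESSION_COOKIE}={session_id}"]
    parts.append("Secure")     # sent over SSL/TLS only
    parts.append("HttpOnly")   # added hardening: hidden from page scripts
    parts.append(f"Path={path}")
    if domain:                 # omit Domain to keep the cookie host-only
        parts.append(f"Domain={domain}")
    # Deliberately no Expires or Max-Age: a non-persistent (memory) cookie.
    return "; ".join(parts)


def session_id_from_request(cookie_header):
    """Extract the session ID from a Cookie request header, or None."""
    jar = SimpleCookie()
    jar.load(cookie_header)
    morsel = jar.get(SESSION_COOKIE)
    return morsel.value if morsel else None


def audit_set_cookie(header):
    """Return the post's rules that a Set-Cookie header violates (empty = clean)."""
    parts = [p.strip() for p in header.split(";")]
    value = parts[0].split("=", 1)[1] if "=" in parts[0] else ""
    attrs = {}
    for attr in parts[1:]:
        name, _, val = attr.partition("=")
        attrs[name.strip().lower()] = val.strip()
    problems = []
    if len(value) < MIN_ID_CHARS:
        problems.append("session ID too short to be unpredictable")
    if "secure" not in attrs:
        problems.append("missing Secure flag")
    if "expires" in attrs or "max-age" in attrs:
        problems.append("persistent cookie (Expires/Max-Age set)")
    if "path" not in attrs:
        problems.append("no Path scope")
    return problems


if __name__ == "__main__":
    store = SessionStore()
    planted = store.new_id()                    # ID present before login
    sid = store.login(planted, "alice")         # replaced at authentication
    print(set_cookie_header(sid))
    # Constructed weak header, the kind the post warns against:
    print(audit_set_cookie("SESSIONID=1001; Expires=Wed, 03-Jun-2019 17:49:00 GMT"))
```

Running the block prints a hardened Set-Cookie line and the three rule violations in the constructed weak header (a short, counter-style ID, no Secure flag, and a persistent Expires attribute), plus the missing Path scope.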


This entry was posted on Wednesday, June 3rd, 2009 at 5:49 PM and is filed under Programming.
