Web security & commerce
Cookies
IEEE Internet Computing
The Design and Implementation of Improved Secure Cookies Based on Certificate
INDOCRYPT '02 Proceedings of the Third International Conference on Cryptology: Progress in Cryptology
Cookies are pieces of information generated by a Web server to be stored in a user's machine. The information in cookies can range from selected items in a user's shopping cart to authentication information used for accessing restricted pages. While cookies are clearly very useful, they can also be abused. In this paper, security threats that cookies can pose to a user are identified, as are the security requirements necessary to defeat them. Various options to meet the security requirements are then examined. Proposed user-controlled approaches and their implementations are presented and compared with a server-controlled approach, particularly the 'Secure Cookies' method, to illustrate the relative advantages and disadvantages of the two approaches.