Overview#

An Authentication cookie is a cookie that a web server uses to know whether the user is logged in and which account they are logged in with. It is one of the most common Authentication Methods.

Without some such Authentication Method, the site would not know whether to send a page containing sensitive information or to require the user to authenticate by logging in.

The security of an Authentication cookie generally depends on the security of the issuing website and the user's web browser, and on whether the cookie data is encrypted.

Security vulnerabilities may allow an Authentication cookie's data to be read by a hacker, used to gain access to user data, or used to gain access (with the user's credentials) to the website to which the Authentication cookie belongs (see cross-site scripting and cross-site request forgery for examples).[1]
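The sketch below is an added example, not code from this page. It shows how a server might issue an Authentication cookie at login and later use it to decide which account a request belongs to, with cookie attributes that limit the cross-site scripting and cross-site request forgery exposure mentioned above. The cookie name, lifetime, payload layout and function names are assumptions; the value is integrity-protected with an HMAC, not encrypted.

```python
import hashlib
import hmac
import secrets
import time
from http.cookies import CookieError, SimpleCookie

SECRET_KEY = secrets.token_bytes(32)  # constructed key; assumes a single server process
COOKIE_NAME = "auth"                  # hypothetical cookie name
MAX_AGE = 3600                        # hypothetical session lifetime, in seconds


def _sign(payload):
    """HMAC-SHA256 tag over the payload, hex-encoded as ASCII bytes."""
    return hmac.new(SECRET_KEY, payload, hashlib.sha256).hexdigest().encode()


def issue_cookie(account, now=None):
    """Build the Set-Cookie header value sent after a successful login."""
    now = time.time() if now is None else now
    payload = f"{account}|{int(now) + MAX_AGE}".encode()
    jar = SimpleCookie()
    jar[COOKIE_NAME] = payload.hex() + "." + _sign(payload).decode()
    morsel = jar[COOKIE_NAME]
    morsel["httponly"] = True   # page script cannot read it, limiting theft via XSS
    morsel["secure"] = True     # only sent over HTTPS
    morsel["samesite"] = "Lax"  # left off most cross-site requests, limiting CSRF
    morsel["max-age"] = MAX_AGE
    morsel["path"] = "/"
    return morsel.OutputString()


def account_from_request(cookie_header, now=None):
    """Return the logged-in account, or None when the site must ask for a login."""
    now = time.time() if now is None else now
    jar = SimpleCookie()
    try:
        jar.load(cookie_header)
        payload_hex, tag = jar[COOKIE_NAME].value.split(".", 1)
        payload, tag = bytes.fromhex(payload_hex), tag.encode()
    except (KeyError, ValueError, CookieError):
        return None                      # missing or malformed cookie
    if not hmac.compare_digest(_sign(payload), tag):
        return None                      # value was forged or modified
    account, expires = payload.decode().rsplit("|", 1)
    if now >= int(expires):
        return None                      # expired session
    return account
```

The account name is readable by anyone holding the cookie, so nothing secret belongs in the payload unless the value is also encrypted.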

There is considerable movement away from Authentication cookies toward the use of JSON Web Tokens for Authentication.

« This page (revision-2) was last changed on 21-Jul-2016 16:14 by jim