Authentication cookie


An Authentication cookie is a cookie used by one of the most common Authentication Methods within Web Authentication: it lets a site know whether an entity is logged in and which account they are logged in with.

Without some such Authentication Method, the site would not know whether to send a page containing sensitive information or to require the user to authenticate themselves by logging in.

The security of an Authentication cookie generally depends on the security of the issuing website and the user's web browser, and on whether the cookie data is encrypted.

Security vulnerabilities may allow an Authentication cookie's data to be read by a hacker, used to gain access to user data, or used to gain access (with the user's credentials) to the website to which the Authentication cookie belongs (see cross-site scripting and cross-site request forgery for examples).[1]
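
The issuing website's side of this can be checked from the Set-Cookie header it sends. The following is an added example, not part of the original page: it flags an Authentication cookie that lacks the standard HttpOnly, Secure and SameSite attributes, which limit reading by injected script and sending on cross-site requests. The cookie name SESSIONID and the header values are constructed for illustration.

```python
# Added example: audit Set-Cookie header values for the attributes that
# limit cookie theft via XSS and cross-site use via CSRF.

def parse_set_cookie(header):
    """Split one Set-Cookie header value into (name, value, attributes)."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def audit_auth_cookie(header):
    """Return a list of findings; an empty list means no issue was flagged."""
    name, _value, attrs = parse_set_cookie(header)
    findings = []
    if "httponly" not in attrs:
        findings.append(f"{name}: no HttpOnly, page scripts (including XSS) can read it")
    if "secure" not in attrs:
        findings.append(f"{name}: no Secure, cookie can travel over plain HTTP")
    samesite = attrs.get("samesite", "").lower()
    if samesite == "":
        findings.append(f"{name}: no SameSite, cross-site behaviour is left to the browser default")
    elif samesite == "none":
        findings.append(f"{name}: SameSite=None, cookie is sent on cross-site requests")
    elif samesite not in ("lax", "strict"):
        findings.append(f"{name}: unrecognised SameSite value {samesite!r}")
    return findings


# Constructed sample headers (SESSIONID and the values are hypothetical).
SAMPLES = {
    "weak": "SESSIONID=constructed-1; Path=/",
    "cross_site": "SESSIONID=constructed-2; Path=/; Secure; HttpOnly; SameSite=None",
    "hardened": "SESSIONID=constructed-3; Path=/; Secure; HttpOnly; SameSite=Lax",
}

if __name__ == "__main__":
    for label, header in SAMPLES.items():
        results = audit_auth_cookie(header)
        print(label, "->", results or "no findings")
```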

There is considerable movement away from Authentication cookies toward the use of JSON Web Tokens for Authentication.

More Information

There might be more information for this subject on one of the following: