Abstract: Cookies and sessions are common and vital to a person’s experience on the Internet. The use of cookies was originally used to overcome a memoryless protocol while using a tiny amount of the system’s resources. Cookies make for a cohesive experience when shopping online, enjoying customized content, and even receiving personalized advertisements when casually surfing the Web. However, by design, cookies lack security. Our research begins by giving a background of cookies and sessions. It then introduces what session hijacking is, and a lab was constructed to test and show how a cookie can be stolen and replayed to gain authenticated access. Finally, the paper presents various countermeasures for common attacks and tools checking for authentication cookies vulnerabilities.

Young B. Choi, Yin L. Loo and Kenneth LaCroix, “Cookies and Sessions: A Study of what they are, how they can be Stolen and a Discussion on Security” International Journal of Advanced Computer Science and Applications(IJACSA), 10(1), 2019. http://dx.doi.org/10.14569/IJACSA.2019.0100104

@article{Choi2019,
title = {Cookies and Sessions: A Study of what they are, how they can be Stolen and a Discussion on Security},
journal = {International Journal of Advanced Computer Science and Applications},
doi = {10.14569/IJACSA.2019.0100104},
url = {http://dx.doi.org/10.14569/IJACSA.2019.0100104},
year = {2019},
publisher = {The Science and Information Organization},
volume = {10},
number = {1},
author = {Young B. Choi and Yin L. Loo and Kenneth LaCroix}
}