Cookies World
Some information about cookies
Cookies are used to identify the user and session to the web server. They play a crucial role in how the client and the server interact with each other.
Session cookies
Session cookies are used to identify the session of the client.
Session IDs should be random, unpredictable and of an appropriate length. For example, session IDs should not be assigned sequentially. It is possible to test the randomness of session cookies using Burp Suite Sequencer.
Cookie attributes
HttpOnly
Found in response headers, this attribute prevents client-side scripts from accessing the cookie. It helps prevent the stealing of session cookies via an XSS attack.
Secure
If enabled, cookies will only be sent through HTTPS.
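An added example, not part of the original page: a small Python check that audits Set-Cookie header values for the HttpOnly and Secure attributes described above and flags session IDs issued with a constant step. The function names and sample values are constructed for illustration, and the sequential check is a crude heuristic, not a substitute for the statistical analysis Burp Suite Sequencer performs.

```python
# Added example: audit Set-Cookie values and spot sequential session IDs.
# All function names and sample data here are constructed for illustration.

def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, attributes)."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")  # value may itself contain "="
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()  # attribute names are case-insensitive
    return name.strip(), value.strip(), attrs

def audit_cookie(header_value):
    """Return (cookie name, list of findings) for one Set-Cookie value."""
    name, _value, attrs = parse_set_cookie(header_value)
    findings = []
    if "httponly" not in attrs:
        findings.append("missing HttpOnly: readable by client-side script")
    if "secure" not in attrs:
        findings.append("missing Secure: may be sent over plain HTTP")
    return name, findings

def looks_sequential(session_ids):
    """True if the IDs parse as integers (decimal or hex) with a constant step."""
    if len(session_ids) < 3:
        return False  # too few samples to say anything
    for base in (10, 16):
        try:
            nums = [int(s, base) for s in session_ids]
        except ValueError:
            continue
        if len({b - a for a, b in zip(nums, nums[1:])}) == 1:
            return True
    return False

if __name__ == "__main__":
    # Constructed sample responses, as they would appear in Set-Cookie headers.
    samples = [
        "SESSIONID=1001; Path=/",
        "SESSIONID=9f2c41d07ab3; Path=/; Secure; HttpOnly",
    ]
    for header in samples:
        print(audit_cookie(header))
    print(looks_sequential(["1001", "1002", "1003"]))
```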
Browser extensions
Some useful extensions to manage and edit cookies from the browser.
Firefox
Chrome