Eikonal Blog

2010.12.06

Web-Cookies Security

Best practices

  • For the most secure result, the standard session management cookie should be a “session” cookie that expires as soon as the Web browser is closed. Furthermore, the server should enforce a fairly short maximum lifetime on sessions even if the browser remains open. (source: [2])
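The two halves of that advice, as an added example that is not part of the original post: the cookie is issued without Expires/Max-Age so the browser drops it on close, and the server independently enforces a maximum session age. The class name, the 30-minute limit and the cookie name are assumptions.

```python
# Added example (not from the Eikonal Blog post): a minimal server-side session
# store that issues a browser-lifetime "session" cookie and still enforces a
# short absolute lifetime on the server, so a browser left open does not keep
# the session alive. Names and the 30-minute limit are assumed values.
import secrets
import time

MAX_SESSION_LIFETIME = 30 * 60  # seconds; assumed policy value, not from the post


class SessionStore:
    """In-memory session table keyed by a random session id."""

    def __init__(self, max_lifetime=MAX_SESSION_LIFETIME, clock=time.time):
        self.max_lifetime = max_lifetime
        self.clock = clock  # injectable for testing
        self._sessions = {}

    def create(self, user):
        sid = secrets.token_urlsafe(32)  # 256 bits of randomness, unguessable
        self._sessions[sid] = {"user": user, "created": self.clock()}
        return sid

    def lookup(self, sid):
        """Return the session's user, or None if the id is unknown or expired."""
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        if self.clock() - entry["created"] > self.max_lifetime:
            # Expired on the server regardless of what the browser still holds.
            del self._sessions[sid]
            return None
        return entry["user"]


def session_cookie_header(sid):
    """Set-Cookie value for a browser-lifetime session cookie.

    No Expires or Max-Age attribute, so the browser discards the cookie when
    it is closed; Secure, HttpOnly and SameSite limit exposure over plain
    HTTP, to page scripts, and to cross-site requests.
    """
    return f"sid={sid}; Path=/; Secure; HttpOnly; SameSite=Lax"
```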

Session tracking mechanisms

Evercookies

  • Evercookies – http://samy.pl/evercookie/
      Session (cookie-like) information can be stored using any of the following mechanisms:

      • Standard HTTP Cookies
      • Local Shared Objects (Flash Cookies)
      • Silverlight Isolated Storage
      • Storing cookies in RGB values of auto-generated, force-cached PNGs, using the HTML5 Canvas tag to read the pixels (cookies) back out
      • Storing cookies in Web History
      • Storing cookies in HTTP ETags
      • Storing cookies in Web cache
      • window.name caching
      • Internet Explorer userData storage
      • HTML5 Session Storage
      • HTML5 Local Storage
      • HTML5 Global Storage
      • HTML5 Database Storage via SQLite
      • Caching in HTTP Authentication
      • Using Java to produce a unique key based off of NIC info

  • Google search – http://www.google.com/search?q=evercookie