Photo by Vyshnavi Bisani on Unsplash

Session cookies as targets for criminals

Stealing from the Cookie Jar

Article from ADMIN 89/2025
By
Session data stored on user hard disks can be targeted by criminals to bypass the need for a password or second factor in active user sessions.

In the early days of the Internet, JavaScript and cookies were considered evil and dangerous constructs that could be misused to execute code and secretly store tracking information. Users who valued security disabled JavaScript and simply banned cookies, with few exceptions. Today, both concepts are an integral part of the Internet. Responsive web applications can be created quickly with the use of comprehensive libraries and APIs on the server for all communication. Static API keys, JSON web tokens (JWTs), or simply session cookies, which are essentially dynamic API keys, are used to secure user activities.

Session cookies are small snippets of information that web applications use to reference temporary information about a user's session, making it possible to identify a user visiting a website without the need to re-authenticate constantly. Typical session information includes login status, shopping cart content in online stores, and user configurations. As such, session cookies form the basis for web applications.

Session cookies are normally stored in the web browser's cache on the user device, and you can view them with developer tools (Figure 1). Unlike permanent cookies, which the browser also stores on disk, session cookies only need to be stored in the browser's working memory. You can access this memory area from the browser's sessionStorage API. The information is then only available while the browser is running. As soon as the user closes the browser window, the data disappears automatically, which makes the approach more secure because no data remains permanently on the device. However, many applications also store their data cookies in the browser's local cookie store so that they are also available in other windows of the same application.
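
Whether a cookie is a session cookie or a permanent one is decided by the lifetime attributes in the server's `Set-Cookie` header, so a defender can audit response headers to see which session identifiers end up on disk. The following Node.js code is an added example, not part of the original article: the function names and sample headers are constructed for illustration, the lifetime rules follow RFC 6265, and the `HttpOnly` and `Secure` checks go beyond what the text covers.

```javascript
// Lifetime per RFC 6265: Max-Age wins over Expires; with neither, it is a session cookie.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const cookie = { name: eq === -1 ? '' : pair.slice(0, eq), value: pair.slice(eq + 1), attrs: {} };
  for (const a of attrs) {
    if (!a) continue;
    const i = a.indexOf('=');
    const key = (i === -1 ? a : a.slice(0, i)).trim().toLowerCase();
    cookie.attrs[key] = i === -1 ? true : a.slice(i + 1).trim(); // flag attributes become true
  }
  return cookie;
}

function lifetime(cookie, now = new Date()) {
  const { attrs } = cookie;
  let secs = null;
  if (typeof attrs['max-age'] === 'string' && /^-?\d+$/.test(attrs['max-age'])) {
    secs = Number(attrs['max-age']);
  } else if (typeof attrs.expires === 'string' && !Number.isNaN(Date.parse(attrs.expires))) {
    secs = Math.round((Date.parse(attrs.expires) - now.getTime()) / 1000);
  }
  if (secs === null) return { kind: 'session' }; // kept only until the browser session ends
  return secs <= 0 ? { kind: 'expired' } : { kind: 'persistent', seconds: secs };
}

function auditHeader(header, now) {
  const cookie = parseSetCookie(header);
  const life = lifetime(cookie, now);
  const findings = [];
  if (life.kind === 'persistent') findings.push(`written to disk for ${life.seconds}s`);
  if (!cookie.attrs.httponly) findings.push('readable by page scripts (no HttpOnly)');
  if (!cookie.attrs.secure) findings.push('sent over plain HTTP (no Secure)');
  return { name: cookie.name, kind: life.kind, findings };
}

// Constructed sample headers, not captured from a real site.
const SAMPLE = [
  'sid=abc123; Path=/; HttpOnly; Secure; SameSite=Lax',
  'sid=abc123; Path=/; Max-Age=2592000; Expires=Thu, 01 Jan 1970 00:00:00 GMT',
  'theme=dark; Expires=Wed, 01 Jan 2025 00:00:00 GMT; Secure',
];
const NOW = new Date('2024-12-31T00:00:00Z'); // fixed clock so the output is reproducible
for (const h of SAMPLE) console.log(auditHeader(h, NOW));
```

The second sample shows why the precedence rule matters: its `Expires` date lies in the past, yet `Max-Age` keeps the session identifier on disk for 30 days.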

...