Definition
A secure cookie is an HTTP cookie that carries the Secure attribute, which instructs the browser to send it only over an encrypted HTTPS (TLS, formerly SSL) connection so that its value cannot be read or modified while in transit.
Because the browser never attaches such a cookie to a plaintext HTTP request, the cookie is not exposed to eavesdropping or man-in-the-middle attacks on the network. The attribute restricts transmission only: it does not encrypt the cookie's value and does not protect the cookie once it is stored on the client.
Benefits of Secure Cookies
- Ensures the cookie is sent only over an encrypted HTTPS connection, so a passive eavesdropper or an active attacker on an HTTP connection cannot capture it, and a downgrade or redirect to http:// does not leak it.
- In current browsers a page loaded over plain HTTP cannot set or overwrite a cookie that carries the Secure attribute, which blocks cookie-fixation attempts from a non-secure origin.
- It does not, on its own, prevent theft through cross-site scripting (XSS): a script injected into the page can still read a Secure cookie via document.cookie. That protection comes from the HttpOnly attribute, which is why session cookies should be set with both.
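The following is an added example, not code from the original page: a minimal cookie jar in JavaScript that applies the Secure attribute the way RFC 6265 (section 5.4, step 1) requires, attaching a Secure cookie only to requests whose scheme is https. It also shows the Set-Cookie header a server should emit for a session cookie. The function names (buildSetCookie, parseSetCookie, cookiesFor) and the sample cookies are constructed for this example, and the jar treats only the https scheme as secure (real browsers additionally treat localhost as a secure context).

```javascript
// Added example (not from the original page): a minimal cookie jar that
// applies the Secure attribute per RFC 6265 section 5.4 step 1: a cookie
// flagged Secure is attached only to requests whose scheme is "https".
// buildSetCookie, parseSetCookie and cookiesFor are this example's own names;
// the sample cookies below are constructed, not captured from a real site.

// Build the Set-Cookie header value for a hardened session cookie:
// Secure (HTTPS only), HttpOnly (not readable via document.cookie),
// SameSite (limits sending on cross-site requests).
function buildSetCookie(name, value, opts = {}) {
  const parts = [`${name}=${encodeURIComponent(value)}`];
  if (opts.maxAge !== undefined) parts.push(`Max-Age=${opts.maxAge}`);
  parts.push(`Path=${opts.path || '/'}`);
  if (opts.secure) parts.push('Secure');
  if (opts.httpOnly) parts.push('HttpOnly');
  if (opts.sameSite) parts.push(`SameSite=${opts.sameSite}`);
  return parts.join('; ');
}

// Parse a Set-Cookie header value into a cookie record.
// Max-Age, Expires and Domain are ignored here to keep the example short.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const cookie = {
    name: pair.slice(0, eq),
    value: decodeURIComponent(pair.slice(eq + 1)),
    path: '/',
    secure: false,
    httpOnly: false,
    sameSite: null,
  };
  for (const attr of attrs) {
    const [k, v] = attr.split('=');
    switch (k.toLowerCase()) {
      case 'secure': cookie.secure = true; break;
      case 'httponly': cookie.httpOnly = true; break;
      case 'samesite': cookie.sameSite = v; break;
      case 'path': cookie.path = v; break;
      default: break;
    }
  }
  return cookie;
}

// Return the Cookie header value a compliant client would send to `url`.
// The Secure check is the point: a Secure cookie is dropped when the scheme
// is plain http, so a downgrade or redirect to http:// cannot put it on the wire.
function cookiesFor(jar, url) {
  const u = new URL(url);
  const isSecureScheme = u.protocol === 'https:'; // assumption: only https counts as secure
  return jar
    .filter((c) => !c.secure || isSecureScheme)
    .filter((c) => u.pathname.startsWith(c.path))
    .map((c) => `${c.name}=${encodeURIComponent(c.value)}`)
    .join('; ');
}

// Constructed sample jar: one hardened session cookie, one legacy cookie with no attributes.
const jar = [
  parseSetCookie(buildSetCookie('sid', 'a1b2c3', { secure: true, httpOnly: true, sameSite: 'Lax', maxAge: 3600 })),
  parseSetCookie('theme=dark; Path=/'),
];

// Same jar, two requests to the same host: only the plaintext request loses the session cookie.
const overHttps = cookiesFor(jar, 'https://example.test/account');
const overHttp = cookiesFor(jar, 'http://example.test/account');
console.log('https ->', overHttps); // sid=a1b2c3; theme=dark
console.log('http  ->', overHttp);  // theme=dark
```

The jar is deliberately client-side logic: the server can only request the behaviour by setting the attribute, and it is the browser's cookie store that enforces it. A useful extra guard on the server side is the `__Secure-` name prefix (for example `__Secure-sid`), which makes browsers refuse to store the cookie at all unless it carries the Secure attribute and was set from a secure origin.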
Cookie Hijacking Techniques
- Network threats: An attacker who can observe or tamper with traffic can read a cookie that is sent over an unencrypted connection. TLS (the successor to SSL) protects the cookie only while it is in transit on the network; it does nothing for a cookie at rest on the client or the server, which is why the Secure attribute must be combined with other controls.
- Cookie harvesting: The large-scale collection of cookies through phishing pages, compromised third-party scripts, or malware that tricks users or exploits vulnerabilities to steal session data. Cross-site request forgery (CSRF) is related but different: it does not read the cookie, it makes the victim's browser send the cookie on a forged request. The Secure attribute does not stop this; the SameSite attribute and anti-CSRF tokens do.
- End system threats: These target the user's device or browser through malware, keyloggers or cross-site scripting (XSS), giving the attacker direct access to stored cookies. The Secure attribute offers no protection here because the cookie is taken from the endpoint rather than off the wire; the HttpOnly attribute limits what injected script can read, and only endpoint hardening addresses malware.