One-time cookies: Preventing session hijacking attacks with stateless authentication tokens

@article{Dacosta2012OnetimeCP,
  title={One-time cookies: Preventing session hijacking attacks with stateless authentication tokens},
  author={Italo Dacosta and Saurabh Chakradeo and Mustaque Ahamad and Patrick Traynor},
  journal={ACM Trans. Internet Techn.},
  year={2012},
  volume={12},
  pages={1:1-1:24}
}
HTTP cookies are the de facto mechanism for session authentication in Web applications. However, their inherent security weaknesses allow attacks against the integrity of Web sessions. HTTPS is often recommended to protect cookies, but deploying full HTTPS support can be challenging due to performance and financial concerns, especially for highly distributed applications. Moreover, cookies can be exposed in a variety of ways even when HTTPS is enabled. In this article, we propose one-time…
This paper has 34 citations.


