Ender

Reputation: 27283

How do I protect my site's session cookie?

Session cookies are quickly becoming a standard way of doing login management. However, if sent unencrypted, it's pretty easy to hijack someone's session à la Firesheep.

Now, you can solve this by making your entire site use HTTPS, but if someone types in mysite.com the browser defaults to http. We can solve this with a redirect:

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

But by the time I get a chance to rewrite the URL, hasn't my session cookie already been sent over an insecure channel?

Upvotes: 0

Views: 384

Answers (1)

SLaks

Reputation: 887415

Mark your session cookie as HTTPS-only using the Secure option.

Upvotes: 2
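The answer's Secure attribute is exactly what closes the gap the question worries about: a browser never attaches a Secure cookie to a plain-http request, so the initial http://mysite.com request that triggers the rewrite carries no session cookie at all. The following is an added example, not code from the question, the answer or any project; it models that browser rule (RFC 6265, section 5.4) with constructed sample cookies, shows the weak cookie beside the hardened one, and includes a small audit helper that flags Set-Cookie headers lacking Secure. The host name mysite.com comes from the question; the cookie name sid and its value are made up.

```python
"""Added example, not code from the question or the answer: a small model of
the browser-side rule (RFC 6265 section 5.4) that decides whether a cookie is
attached to a request, plus an audit of Set-Cookie headers.  All sample values
are constructed; mysite.com is the host name used in the question."""

from urllib.parse import urlsplit


def parse_set_cookie(header: str) -> dict:
    """Parse one Set-Cookie header value into {name, value, attrs}.
    Attribute names are case-insensitive; flag attributes (Secure, HttpOnly)
    map to True."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if val else True
    return {"name": name.strip(), "value": value.strip(), "attrs": attrs}


def build_session_cookie(name: str, value: str) -> str:
    """Build a Set-Cookie value for a session cookie that a browser will only
    send over HTTPS (Secure) and that page scripts cannot read (HttpOnly)."""
    return f"{name}={value}; Path=/; Secure; HttpOnly; SameSite=Lax"


def would_send(set_cookie: str, request_url: str) -> bool:
    """Model the browser's decision: a cookie carrying the Secure attribute is
    never attached to a plain-http request, so it is not exposed on the
    http://mysite.com hop that precedes the redirect to HTTPS."""
    cookie = parse_set_cookie(set_cookie)
    scheme = urlsplit(request_url).scheme.lower()
    if cookie["attrs"].get("secure") and scheme != "https":
        return False
    return True


def cookies_missing_secure(set_cookie_headers: list) -> list:
    """Audit helper: return the names of cookies set without Secure."""
    return [
        parse_set_cookie(h)["name"]
        for h in set_cookie_headers
        if not parse_set_cookie(h)["attrs"].get("secure")
    ]


# Constructed sample: the weak cookie beside the hardened one.
WEAK = "sid=deadbeef1234; Path=/"
HARDENED = build_session_cookie("sid", "deadbeef1234")

if __name__ == "__main__":
    for label, header in (("weak", WEAK), ("hardened", HARDENED)):
        for url in ("http://mysite.com/", "https://mysite.com/"):
            print(f"{label:9s} cookie sent to {url}: {would_send(header, url)}")
    print("missing Secure:", cookies_missing_secure([WEAK, HARDENED]))
```

Running it shows the weak cookie being sent on the http request (the Firesheep exposure) while the hardened one is only sent once the browser is on https. The redirect itself still happens over plaintext, but with nothing sensitive in it; the Strict-Transport-Security header is the standard way to make the browser skip that http hop on later visits, and HttpOnly keeps the cookie out of reach of script.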
