Reputation: 7711
are cookies secure from hijacking over http
I see facebook sends cookies over http. How are they secure from hijacking? If I were to copy the cookie onto another computer would I be logged in?
Upvotes: 6
Views: 4261
Answers (3)
Reputation: 3309
Cookies sent over HTTP are unsecure, those sent over HTTPS are a bit more secure than HTTP, however they can still be stolen since there are a few methods discovered lately to hack SSL. A complete writeup on session hijacking and all of the session hijacking attacks can be found here: http://cleverlogic.net/tutorials/session-hijacking-0. There is also a bit on preventing Session Hijacking.
Upvotes: 0
Reputation: 17357
Cookies sent over HTTP (port 80) are not secure as the HTTP protocol is not encrypted.
Cookies sent over HTTPS (port 443) are secure as HTTPS is encrypted.
So, if Facebook sends/receives cookies via HTTP, they can be stolen and used nefariously.
Upvotes: 1
Related Questions
- Reading cookies via HTTPS that were set using HTTP
- HTTP Cookies and Ajax requests over HTTPS
- Insecure HTTP cookies
- Secure Cookies on http requests
- How does cookie work with HTTP?
- Is http-only cookie safe?
- Is cookie in https secure?
- Session Hijacking over HTTP
- Cookie security when passed over SSL
- Is a cookie secure in a HTTPS connection?