From the course: ASP.NET: Security
Unlock the full course today
Join today to access over 22,600 courses taught by industry experts or purchase this course individually.
Securing cookies
- [Instructor] From a security perspective, cookies are pretty interesting because they can be manipulated so easily, and therefore, they may require additional protection. So how does this work when the web browser, the client, sends an HTTP request to the server, the server may respond with any kind of response, and set a cookie as part of that response using the Set-Cookie HTTP header. In that header, we have a cookie name, and most of the time, a cookie value, but we can't have other parameters as well, for instance, in which path is this cookie valid, and how long the cookie is allowed to live. So does the cookie have an expiration date? If so, it lives up 'til that date. Maybe that not long, or doesn't have an expiration date then the cookie will be deleted usually when the browser's being closed. The client is storing the cookie information, and with each subsequent request through the same server, the cookie is set back, but not all of the metadata of the cookie, but only the…
Practice while you learn with exercise files
Download the files the instructor uses to teach the course. Follow along and learn by watching, listening and practicing.
Contents
-
-
-
-
-
-
(Locked)
Introduction27s
-
(Locked)
Securing cookies6m 11s
-
(Locked)
Securing sessions6m 7s
-
Setting cookie attributes in the app1m 37s
-
(Locked)
Enforcing HTTPS3m 12s
-
(Locked)
Error handling4m 6s
-
(Locked)
Hiding server information2m 50s
-
(Locked)
Hiding more server information3m 34s
-
(Locked)
Security HTTP headers4m 15s
-
(Locked)
-