Using Cookies Session Tracking

Estudies4you
Security Issues
·         However good your Servlet Engine is, if your servlet program is not written to handle security-related aspects, your application can be exploited and damaged
o   Counterfeit Session State Information: Changing the userId and similar details
o   Logging of Sensitive Information: Printing passwords and similar information in log files
o   Browser Residue: Information related to the user's interaction with the application is stored in the browser's cache
·         Session information can be retrieved using 'Cookies', 'URL Rewriting', 'Hidden Fields'
o   URL Rewriting: Rewrites the URLs of the links of a web page
o   E.g.: A link in page1 which redirects to page2 forms the URL below
§  http://currentaffairs2you.com/page2.jsp?username=Kiran&SessionId=201402
o   Hidden Fields: Contained in forms that are placed in a common frame of a frameset. JavaScript code on the client side can easily read hidden field values
o   Cookies: Enable information to be stored in the user's browser. Reading the cookie file shows all the information stored on the client side
·         Avoiding the above makes your program free from these security issues
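
The points above applied to a servlet application, as an added example that is not part of the original page. It assumes the javax.servlet API 3.1 or later (newer containers use the jakarta.servlet package instead); the class names, the /page2 and /login paths, and the "userId" session attribute (assumed to be set by the application's own login code) are hypothetical.

```java
// ---- SessionHardening.java (hypothetical class name) ----
import java.util.EnumSet;
import javax.servlet.*;
import javax.servlet.annotation.WebListener;

@WebListener
public class SessionHardening implements ServletContextListener {
    @Override
    public void contextInitialized(ServletContextEvent event) {
        ServletContext ctx = event.getServletContext();
        // Cookie-only tracking: the container no longer rewrites URLs to carry
        // the session id, so it cannot leak through links, history or referrers.
        ctx.setSessionTrackingModes(EnumSet.of(SessionTrackingMode.COOKIE));
        // HttpOnly hides the session cookie from client-side script;
        // Secure keeps it off plain-HTTP connections.
        ctx.getSessionCookieConfig().setHttpOnly(true);
        ctx.getSessionCookieConfig().setSecure(true);
    }

    @Override
    public void contextDestroyed(ServletContextEvent event) { }
}

// ---- Page2Servlet.java (hypothetical class name) ----
import java.io.IOException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.*;

@WebServlet("/page2")
public class Page2Servlet extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        // getSession(false): never create a session for an unknown visitor.
        HttpSession session = req.getSession(false);
        Object userId = (session == null) ? null : session.getAttribute("userId");
        if (userId == null) {
            resp.sendRedirect(req.getContextPath() + "/login");
            return;
        }
        // The identity comes from server-side session state only. Any username
        // or userId sent in the URL, a hidden field or a cookie is ignored,
        // so changing it on the client has no effect.
        resp.setHeader("Cache-Control", "no-store"); // limits browser residue
        resp.setContentType("text/plain");
        resp.getWriter().println("Hello, " + userId);
    }
}
```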
