SAC
2015
ACM

SecSess: keeping your session tucked away in your browser

Session management is a crucial component in every modern web application. It links subsequent requests and temporary stateful information together, enabling a rich and interactive user experience. Unfortunately, the de facto standard cookie-based session management mechanism is imperfect, which is why session management vulnerabilities rank second in the OWASP Top 10 of web application vulnerabilities [18]. While improved session management mechanisms have been proposed, none of them achieves compatibility with currently deployed applications or infrastructure components such as web caches. We propose SecSess, a lightweight session management mechanism that addresses common session management vulnerabilities by ensuring that a session remains under the control of the parties that established it. SecSess is fully interchangeable with the currently deployed cookie-based session management, and can be gradually deployed to clients and servers through an opt-in mechanism. Evaluation of our proof-...
Added 17 Apr 2016
Updated 17 Apr 2016
Type Journal
Year 2015
Where SAC
Authors Philippe De Ryck, Lieven Desmet, Frank Piessens, Wouter Joosen