May 23
HttpCookieは永続的な窃盗を防げるのが大きな違い。
被害者がブラウザを閉じれば攻撃は受けない。
まあ攻撃者がしっかり攻撃を設計してたら被害の大きさはあんまり変わらなくなりそうではある。
詳しい記事は↓
localStorageにJWT突っ込んだらダメみたいな話、わかってないけどなんでダメなの?
フロントエンドをSSRしないならCSRF対策が厳しいし、そもそもXSSされたらAPIサーバに任意のリクエスト投げられるし、httpOnly cookieも意味なくないか?
2
2
15
31,957
19 Feb 2025
HttpCookie AuthCookie = new HttpCookie("IsAuthenticated");
AuthCookie.Value = "true";
AuthCookie.Expires = DateTime.Now.AddDays(69);
Response.Cookies.Add(AuthCookie);
2
1
93
7 Nov 2022
WEBトラッキングチャンネル更新です。
youtu.be/8RwxGpcWxvo
アフィリエイトモデルとは言え、HTTPCookieやLocalStorageなど不要のパターンもあります。
ASPは"メディアと直取引が難しい広告主を繋げる営業的な部分を担う会社"なので、直取引可能であればローテクな仕組みで計測する事が可能です。
3
21
14 Feb 2022
@ iOS Leute: kann man in einer intelligenten Art und Weise Klassen wie z.b. HTTPCookie in JSON umwandeln?
Un-intelligent fände ich jedes Propertie manuell in ein anderes Struct zu geben, welches Codable ist. Problem ist nämlich, dass einige Werte komische private Types haben.
1
2
22 Jul 2021
Parsing cookie strings in Java with HttpCookie
{ author: @pavel_polivka } #DEVCommunity
dev.to/pavel_polivka/parsing…
1
22 Jul 2021
#becausewebsitematters Parsing cookie strings in Java with HttpCookie reddit.com/r/programming/com… via @4dollarwebsite
2
2
28 Nov 2020
Always keep better things on priority!
#HTS #HTSSolutions #tls #sslcertificate #sslcertificates #SslConsole #https #Https4Me #httpsxedit #http #httpcookie #Marketing #Server #hosting
2
8 Nov 2020
One single vulnerability is all that a hacker needs.
#HTS #HTSSolutions #sslcertificate #sslcertificates #SslConsole #https #Https4Me #httpsxedit #http #httpcookie #Marketing #Server #hosting
1
Main gotchas:
Serialization, HttpCookie, IIS module replacement, static files (to wwwroot if not there), cache-control headers, ...
It really depends on the complexity of your app, from my experience. AWS created a Porting Assistant some months ago to assess the effort.
2
28 Jun 2019
In 11 lines of code we have:
- SQL Injection
- Incorrect Storage (Passwords)
- Insufficient Session ID ("true" 😭)
- Insufficient Cookie Security (HttpCookie defaults secure and http only to false)
If this is the state of education is it a surprise security is a problem?! 😖
28 Jun 2019
@CTIEduGroup @pearsoninstitut
This is NOT how you teach students to create login pages. Please update your syllabus to protect future employers from horrible code like this. #sqlinjection #cookiehijacking #appsecfail #resourceleakage #sessionlesslogin
CC:
@troyhunt
2
25
38
6 Apr 2019
Wondered what peeps thought of g-scout (#security tool for #GCP)...
1. Search g-scout
2. Notice most results refer to “g-scout cookies”
3. Wonder what relation g-scout has with #HTTPcookie
4. Google “g-scout cookie”
5. Realise everyone’s talking about Girl Scout Cookies...🤦🏼♀️
4
22 Oct 2017
ASP.NET HttpCookie parsing, GC Performance Improvements. .NET Standard 2.0 Support, SHA-2 support.
In that order for me :)
Personally I don't use Windows Forms anymore.
23 Sep 2017
1
1
22 Aug 2017
Артур спрашивает: «Как передать переменную на другой домен с помощью js?» #javascript #httpcookie goo.gl/fWVWyW
2
16 Jul 2017
Cacti Input Validation Flaws in 'link.php' and 'aggregate_graphs.php' Le.. #CrosssiteScripting #HTML #HTTPCookie tinyurl.com/ybg7wb7b
1
12 Dec 2016
HttpCookie(System.Web)だからWebforms でも MVC でも Cookie Subkey 使えるのか miso-soup3.hateblo.jp/entry/…
