Printable View
I have a terrible doubt about cookies, especially those created at the time of login from some sites to "remember you."
The ID in the cookie is generated from some data only the hardware in your computer or not? Because if it were not enough to copy the cookie on another PC to be recognized as "you mentioned" no need to enter your username and password.
The term session hijacking refers to the exploitation of a valid computer session sometimes also called a session key - to gain unauthorized access to information or services in a computer system. In particular, it is used to refer to the theft of a magic cookie used to authenticate a user to a remote server. It has particular relevance to web developers, as the HTTP cookies used to maintain a session on many web sites can be stolen easily by an attacker using an intermediary computer or with access to the cookies saved on the victim's computer
Thanks!
I searched on google with cookies, how do cookies work, session cookies ... session hijacking but we had not thought.
Then the most are the sites that leave the password in clear text in cookies.