Cookie Forcing

Cookies are most often used to simply hold and exchange the session id with the application server. However, in some cases an application decides to implement a custom cookie. We all know this is generally a dangerous idea because the user can easily tamper with their cookies.

But, did you know that any attacker can easily tamper with your cookies too?

Origine de l’article :