Many web applications are vulnerable to session hijacking attacks due to the insecure use of cookies for session management. The most recommended defense against this threat is to completely replace HTTP with HTTPS. However, this approach presents several challenges (e.g., performance and compatibility concerns) and therefore, has not been widely adopted. In this paper, we propose “One-Time Coo...

1) Summary When I was smaller, a five megabyte fixed disk cost $5,000, a 300 bps modem cost hundreds of dollars, and communication links were intercepted by attaching devices to the target subscriber's local loop. From then to now there have been three great implosions: the cost of storage, the cost of bandwidth, and the cost of surveillance. The wake of the first two implosions sheared away mo...