Cookies are bad for you

Most web applications today use browser cookies to keep a user logged in while she is using the application. Cookies are a decades-old device and they do not stand up well to security threats that have emerged on the modern web. In particular, cookies are vulnerable to cross-site request forgery. Web applications can be made more secure by using OAuth for session authentication.

This post is based on a talk that I gave at Open Source Bridge this year. The slides for that talk are available here.

Published by

Ben Powell

Ben Powell was born in Wales and after living in several European countries is now resident in Germany. He is a frequent blogger, software developer and a social techie.
