Cookie Poisoning


Cookie poisoning is the modification of a cookie's contents after the web service has generated the cookie and sent it to the client's browser, so that the modified cookie can be used to exploit vulnerabilities in the web app.

  • To counter cookie poisoning:
    • validate the input of your web app to account for tampered-with cookies
    • encrypt cookies during transmission and storage
    • delete cookies from the browser cache when the client terminates the session
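
One way to apply the first countermeasure, shown as an added example that is not part of the original page: the server attaches an HMAC-SHA256 tag to each cookie it issues, rejects any returned value whose tag does not verify, and then validates the fields. HMAC signing, the key, the `user`/`role` fields and the function names are assumptions made for illustration; the tag provides integrity only, not the encryption named in the second item.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo key (assumption); a real service loads a random secret server-side.
SECRET_KEY = b"constructed-demo-key"
ALLOWED_ROLES = ("user", "admin")  # hypothetical field values for this example


def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode("ascii").rstrip("=")


def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_cookie(session: dict, key: bytes = SECRET_KEY) -> str:
    """Serialize the session and append an HMAC-SHA256 tag over the payload."""
    payload = b64e(json.dumps(session, sort_keys=True).encode("utf-8"))
    tag = b64e(hmac.new(key, payload.encode("ascii"), hashlib.sha256).digest())
    return f"{payload}.{tag}"


def read_cookie(value: str, key: bytes = SECRET_KEY):
    """Return the session dict, or None if the cookie is malformed or modified."""
    try:
        payload, tag = value.split(".")
        expected = hmac.new(key, payload.encode("ascii"), hashlib.sha256).digest()
        # Constant-time comparison, done before any client-supplied data is parsed.
        if not hmac.compare_digest(b64d(tag), expected):
            return None
        session = json.loads(b64d(payload))
    except ValueError:  # wrong part count, bad base64, bad JSON, non-ASCII input
        return None
    # A valid tag only proves the server issued the value; still validate content.
    if not isinstance(session, dict) or session.get("role") not in ALLOWED_ROLES:
        return None
    return session
```
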