by kniht
4734 days ago
It's also possible to make the cookies non-exportable using a similar technique called channel binding[1], where the cookie is linked to the TLS channel it's minted over. This is a lot more powerful than baking in the IP address when HMAC-ing the cookie but requires modification to the browser and server to get it up and running.

[1] http://www.browserauth.net/channel-bound-cookies
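Added example, not part of the original comment: a server-side sketch contrasting a cookie whose HMAC covers the client IP with one whose HMAC covers a TLS channel identifier. It assumes the TLS stack hands the server a per-client channel public key (simulated here with constructed bytes); the function names, key and sample values are hypothetical.

```python
import hashlib
import hmac

SERVER_KEY = b"constructed-demo-key"  # constructed; use a random secret in practice


def _tag(session_id: str, binding: bytes, key: bytes) -> str:
    # Length-prefix the session id so id/binding boundaries cannot be shifted.
    sid = session_id.encode()
    msg = len(sid).to_bytes(2, "big") + sid + binding
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def ip_binding(client_ip: str) -> bytes:
    # Weak binding: every client behind the same address looks identical.
    return b"ip:" + client_ip.encode()


def channel_binding(channel_public_key: bytes) -> bytes:
    # Assumption: the key is the per-client channel key seen on this TLS
    # connection; only the holder of its private half can present it.
    return b"chan:" + hashlib.sha256(channel_public_key).digest()


def mint_cookie(session_id: str, binding: bytes, key: bytes = SERVER_KEY) -> str:
    return f"{session_id}.{_tag(session_id, binding, key)}"


def verify_cookie(cookie: str, binding: bytes, key: bytes = SERVER_KEY) -> bool:
    # The binding is taken from the live connection, never from the cookie.
    session_id, sep, tag = cookie.rpartition(".")
    if not sep or not session_id:
        return False
    expected = _tag(session_id, binding, key)
    return hmac.compare_digest(tag.encode(), expected.encode())


if __name__ == "__main__":
    shared_ip = "203.0.113.7"                          # constructed address
    key_a, key_b = b"client-A-key", b"client-B-key"    # constructed keys

    ip_cookie = mint_cookie("sess-42", ip_binding(shared_ip))
    chan_cookie = mint_cookie("sess-42", channel_binding(key_a))

    # A copied IP-bound cookie still verifies from the same address.
    print("ip-bound, same address:", verify_cookie(ip_cookie, ip_binding(shared_ip)))
    # A copied channel-bound cookie fails on any other channel.
    print("channel-bound, other channel:",
          verify_cookie(chan_cookie, channel_binding(key_b)))
```
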