# Cookies and Session Management

Security Summer School

---

## HTTP

- simple
- stateless

---

## Cookies

- key/value pair
- stored on client side
- domain and path
- same origin policy
- expires
- secure
- http-only

---

## Sessions

- authentication
- session hijacking
- authorization

---

## Vulnerabilities

- path traversal
- insecure direct object references

---

## (Google) Dorking

- robots.txt
- sitemap.xml
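The Cookies and Sessions slides list the cookie attributes and the session risks without showing how they fit together. The following Python is an added example, not material from the summer school slides: it builds a `Set-Cookie` header that carries the `Domain`, `Path`, `Max-Age` (the slide's "expires"), `Secure` and `HttpOnly` attributes, and pairs it with a small in-memory session store that issues unguessable ids, expires them server-side and rotates the id at login so a fixed or previously observed id cannot be reused. The cookie name `sid`, the one-hour lifetime, the `SessionStore` class and the `login`/`session_from_cookie_header` helpers are all assumptions made for the example.

```python
import secrets
import time
from http import cookies  # stdlib parser for the request's Cookie header

SESSION_COOKIE = "sid"  # hypothetical cookie name
SESSION_TTL = 3600      # hypothetical lifetime in seconds


def build_set_cookie(name, value, ttl, domain=None, path="/"):
    """Build a Set-Cookie header value with the attributes from the slide.

    Secure   -> the browser only sends the cookie over HTTPS
    HttpOnly -> document.cookie cannot read it, so an XSS bug cannot simply copy it
    SameSite -> the browser withholds it on cross-site requests (CSRF defence)
    Max-Age  -> explicit expiry instead of a browser-session cookie
    Domain / Path -> scope in which the browser sends the cookie at all
    """
    parts = [f"{name}={value}", f"Path={path}", f"Max-Age={ttl}",
             "Secure", "HttpOnly", "SameSite=Lax"]
    if domain:
        parts.insert(2, f"Domain={domain}")
    return "; ".join(parts)


class SessionStore:
    """In-memory server-side session store (constructed for this example)."""

    def __init__(self, ttl=SESSION_TTL, clock=time.time):
        self.ttl = ttl
        self.clock = clock          # injectable so expiry can be tested
        self._sessions = {}         # sid -> {"user": ..., "expires": ...}

    def create(self, user):
        # 256 random bits from the OS CSPRNG: the id cannot be predicted, so
        # hijacking a session requires stealing the cookie, not guessing it
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": user, "expires": self.clock() + self.ttl}
        return sid

    def lookup(self, sid):
        """Return the user of a valid, unexpired session, otherwise None."""
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        if entry["expires"] <= self.clock():
            del self._sessions[sid]  # server-side expiry is authoritative,
            return None              # whatever the client's cookie claims
        return entry["user"]

    def rotate(self, old_sid):
        """Swap the id of a live session; call at login or privilege change so an
        id fixed or observed before authentication is worthless afterwards."""
        user = self.lookup(old_sid)
        if user is None:
            return None
        del self._sessions[old_sid]
        return self.create(user)

    def destroy(self, sid):
        """Logout: drop the session server-side, not just the cookie."""
        self._sessions.pop(sid, None)


def session_from_cookie_header(store, cookie_header):
    """Resolve the user from a raw Cookie request header, or None."""
    jar = cookies.SimpleCookie()
    jar.load(cookie_header or "")
    morsel = jar.get(SESSION_COOKIE)
    if morsel is None:
        return None
    return store.lookup(morsel.value)


def login(store, user, domain=None):
    """Start a session and return (sid, Set-Cookie header) as a server would."""
    sid = store.create(user)
    return sid, build_set_cookie(SESSION_COOKIE, sid, store.ttl, domain=domain)


if __name__ == "__main__":
    store = SessionStore()
    sid, header = login(store, "alice", domain="example.com")
    print("Set-Cookie:", header)
    print("user:", session_from_cookie_header(store, f"theme=dark; sid={sid}"))
```

The browser attributes and the server-side store defend against different things: `Secure`/`HttpOnly`/`SameSite` limit where the cookie travels and who can read it, while the random id, server-side expiry and rotation limit what an attacker gains if the id leaks anyway.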
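The Vulnerabilities slide names path traversal and insecure direct object references. As an added example that is not part of the slides, the Python below shows the defensive check for each: a download handler that resolves the requested name inside a fixed base directory and refuses anything that escapes it (relative `..` segments, absolute paths, or symlinks resolving elsewhere), and a record lookup that treats knowing an id as distinct from being authorized to read it. The base directory `/srv/files`, the `DOCUMENTS` table and the function names are constructed for the example.

```python
from pathlib import Path
from typing import Optional


def resolve_download(base_dir: Path, requested: str) -> Optional[Path]:
    """Map a user-supplied file name to a path inside base_dir, or None.

    The vulnerable form is simply `base_dir / requested`, which lets
    "../../etc/passwd" walk out of the directory and lets an absolute
    input replace the base entirely (Path("/srv") / "/etc/x" == "/etc/x").
    Resolving both sides and checking containment closes both cases, and
    because resolve() follows symlinks it also catches a link that points
    outside the directory.
    """
    base = base_dir.resolve()
    candidate = (base / requested).resolve()
    if candidate == base:
        return None  # "" or "." would hand back the directory itself
    try:
        candidate.relative_to(base)  # raises ValueError when outside base
    except ValueError:
        return None
    return candidate


# Constructed records: object id -> owner and content
DOCUMENTS = {
    101: {"owner": "alice", "title": "Q3 plan"},
    102: {"owner": "bob", "title": "Payroll"},
}


def get_document(current_user: str, doc_id: int) -> Optional[dict]:
    """IDOR-safe lookup: the id being valid is not an authorization decision.

    The vulnerable form returns DOCUMENTS[doc_id] to any logged-in user, so
    editing the id in the URL reads other users' records. The fix checks
    ownership (or an ACL) on every access and returns the same None for a
    missing id and a forbidden one, so responses do not reveal which ids exist.
    """
    doc = DOCUMENTS.get(doc_id)
    if doc is None or doc["owner"] != current_user:
        return None
    return doc


if __name__ == "__main__":
    base = Path("/srv/files")
    for name in ["report.pdf", "../../etc/passwd", "/etc/passwd"]:
        print(f"{name!r:24} -> {resolve_download(base, name)}")
    for user, doc_id in [("alice", 101), ("alice", 102), ("alice", 999)]:
        print(f"{user} reads {doc_id}: {get_document(user, doc_id)}")
```

Both checks share one idea: decide on the canonical, server-side view (the resolved path, the record's owner) rather than on the string the client sent.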