How secure is the strategy used in which the cookie consists of base64 encoded array content followed by (I believe) a SHA1 hash of that content salted with a long session_secret known only to the server? The hash is, as I understand it, a signature to prevent the client from tampering with the cookie contents. Is this system secure? In particular, could an attacker figure out how to forge the signature without having access to the session_secret? Are there any other vulnerabilities?
SHA1 has known vulnerabilities, so if that’s what it uses, I wouldn’t recommend it. In theory, this can be exploited to forge the signature.
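The sign-and-verify steps the question describes, written with HMAC-SHA256 in place of a salted SHA1 hash and with a constant-time comparison; this is an added example, not part of the original posts and not any framework's own code. The `payload.signature` layout, the JSON payload, the function names and the secret are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json

# Constructed secret for this example; a real one is long, random and server-only.
SESSION_SECRET = b"constructed-example-secret-not-for-production"
SEPARATOR = "."  # assumed layout: base64(payload) + "." + hex signature


def _signature(encoded_payload: str, secret: bytes) -> str:
    # HMAC is a construction designed for keyed signing, used here instead of
    # hashing the secret and the content concatenated together.
    return hmac.new(secret, encoded_payload.encode("utf-8"), hashlib.sha256).hexdigest()


def sign_cookie(session: dict, secret: bytes = SESSION_SECRET) -> str:
    """Serialize the session, base64-encode it and append its signature."""
    raw = json.dumps(session, sort_keys=True, separators=(",", ":")).encode("utf-8")
    encoded = base64.urlsafe_b64encode(raw).decode("ascii")
    return encoded + SEPARATOR + _signature(encoded, secret)


def verify_cookie(cookie: str, secret: bytes = SESSION_SECRET):
    """Return the session dict, or None if the cookie is malformed or tampered."""
    encoded, sep, received = cookie.rpartition(SEPARATOR)
    if not sep or not encoded:
        return None
    expected = _signature(encoded, secret)
    # Constant-time comparison: timing must not reveal how much of the
    # submitted signature matched the expected one.
    if not hmac.compare_digest(expected.encode("utf-8"), received.encode("utf-8")):
        return None
    # Decode only after the signature has been accepted.
    try:
        return json.loads(base64.urlsafe_b64decode(encoded.encode("ascii")))
    except ValueError:
        return None
```

The payload is only signed, not encrypted, so the client can still read everything stored in it.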