Cyber Security News Aggregator
.Cyber Tzar
provide acyber security risk management
platform; including automated penetration tests and risk assesments culminating in a "cyber risk score" out of 1,000, just like a credit score.
First slide label
Some representative placeholder content for the first slide.
Second slide label
Some representative placeholder content for the second slide.
Third slide label
Some representative placeholder content for the third slide.
Question about session-based cookies vs session-based tokens vs session based api keys
published on 2025-04-12 19:04:12 UTC by /u/Successful_Box_1007Content:
Hi everybody,
I’ve got two (mostly unrelated questions if anyone can help me). The more I read the more I’m confused about session based cookies vs session based tokens vs session based api keys; I even see some sites perhaps using the word “key” instead of token.
Question 1: If session-based cookies are so unsafe, why do Amazon and Banks use them? What’s stopping someone from hijacking the cookie and buying a ton of stuff on my Amazon account or doing the same to my bank account?
Question 2: I have been reading about crypto trading bots and I read that the bots are dangerous because the bot maker could steal your api key; Is there a way to use them where they don’t need these api keys? Why don’t these bots use other session-based methods like what I read about called JWT tokens or Oauth?
[link] [comments]
https://www.reddit.com/r/netsec/comments/1jxoqgz/question_about_sessionbased_cookies_vs/
Published: 2025 04 12 19:04:12
Received: 2025 04 12 19:15:18
Feed: /r/netsec - Information Security News and Discussion
Source: /r/netsec - Information Security News and Discussion
Category: Cyber Security
Topic: Cyber Security
Views: 11
