How to protect a web application from a cookie-stealing attack?
Question: My web application's authentication mechanism currently is quite simple. When a user logs in, the website sends back a session cookie which is stored (using localStorage) on the user's browser. However, this cookie can too easily be stolen and used to replay the session from another machine. I notice that other sites, like Gmail for example, have much stronger mechanisms in place to ensure that just copying a cookie won't allow you access to that session. What are these mechanisms and are