cargo run
# navigate to http://127.0.0.1:8080/login
# Find the cookie: in your browser open DevTools (Cmd + Shift + I) -> Application -> Cookies
echo "<copied_cookie>" | base64 --decode
# the result will look something like this:
# {"user_id":101,"name":"Bruce Wayne","email":"b.wayne@gotham.uni","is_admin":false}
# The attacker has just read sensitive Personally Identifiable Information (PII) straight out of the cookie
# without touching the server: base64 is an encoding, not encryption, and anyone holding the cookie can reverse it.

Visit http://127.0.0.1:8080/login-secure
This new version is far more secure because it follows current best practices:

- No Sensitive Data in Cookies: The cookie carries only a session token, not user details. If an attacker steals the cookie, they get an opaque random string, not PII; the user record stays on the server, keyed by that token. For this to hold, the token must come from a cryptographically secure random source with enough entropy (128 bits or more) that it cannot be guessed or enumerated.
- Secure Cookie Flags: The cookie is set with the standard protective attributes:
  - secure(true): The browser only sends the cookie over HTTPS, so it cannot be sniffed on a shared network such as public Wi-Fi.
  - http_only(true): JavaScript cannot read the cookie, which blocks the classic cookie-theft payload of a Cross-Site Scripting (XSS) attack (an XSS can still make requests as the user, so this contains, rather than eliminates, the damage).
  - same_site(SameSite::Lax): Defends against Cross-Site Request Forgery (CSRF) by withholding the cookie from cross-site POSTs and subrequests. Lax still sends the cookie on top-level GET navigations, so state-changing endpoints must not accept GET; SameSite::Strict is stricter but breaks links into the app from other sites.
- Short Expiry Time: The cookie expires after 15 minutes (max_age), which shrinks the window in which a stolen cookie is useful. Note that max_age only tells the browser when to discard the cookie; the server must also record an expiry for each session and reject stale tokens, otherwise an attacker replaying a stolen token is not bound by the browser's timer.
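As an added example (not code from this repository), here is the server side of the pattern the list above describes, in standard-library Rust: an opaque token drawn from the OS CSPRNG, a Set-Cookie header carrying the same three flags plus a 15-minute Max-Age, and a session store that enforces expiry and revocation on the server instead of trusting max_age. It assumes a Unix host with /dev/urandom; the cookie name session_id and the User struct are illustrative choices, not the project's identifiers.

```rust
use std::collections::HashMap;
use std::fs::File;
use std::io::{self, Read};
use std::time::{Duration, Instant};

/// The record that used to travel inside the cookie. It now lives only in
/// server memory, keyed by an opaque token.
#[derive(Clone, Debug, PartialEq)]
pub struct User {
    pub user_id: u32,
    pub name: String,
    pub email: String,
    pub is_admin: bool,
}

/// Session lifetime; matches the 15-minute max_age the secure login sets.
pub const SESSION_TTL: Duration = Duration::from_secs(15 * 60);
/// Illustrative cookie name (an assumption, not the project's).
pub const COOKIE_NAME: &str = "session_id";

struct Session {
    user: User,
    expires_at: Instant,
}

#[derive(Default)]
pub struct SessionStore {
    sessions: HashMap<String, Session>,
}

/// 32 bytes from the OS CSPRNG, hex-encoded: 256 bits of entropy, so the
/// token cannot be guessed or enumerated. Assumes /dev/urandom exists.
pub fn random_token() -> io::Result<String> {
    let mut buf = [0u8; 32];
    File::open("/dev/urandom")?.read_exact(&mut buf)?;
    Ok(buf.iter().map(|b| format!("{:02x}", b)).collect())
}

impl SessionStore {
    /// Create a session for `user` and return the token the cookie will carry.
    /// `now` is passed in so expiry can be exercised without sleeping.
    pub fn issue(&mut self, user: User, token: String, now: Instant) -> String {
        let session = Session { user, expires_at: now + SESSION_TTL };
        self.sessions.insert(token.clone(), session);
        token
    }

    /// Resolve a presented token. Expiry is enforced here, on the server:
    /// Max-Age only tells the browser when to drop the cookie, and an attacker
    /// replaying a stolen token is not bound by that. Expired sessions are purged.
    pub fn lookup(&mut self, token: &str, now: Instant) -> Option<User> {
        match self.sessions.get(token) {
            Some(s) if now < s.expires_at => Some(s.user.clone()),
            Some(_) => {
                self.sessions.remove(token);
                None
            }
            None => None,
        }
    }

    /// Logout or suspected theft: invalidate immediately rather than waiting.
    pub fn revoke(&mut self, token: &str) -> bool {
        self.sessions.remove(token).is_some()
    }
}

/// The Set-Cookie header the secure login sends. Secure, HttpOnly and
/// SameSite=Lax are the three flags from the list above; Max-Age=900 is 15 minutes.
pub fn set_cookie_header(token: &str) -> String {
    format!(
        "{}={}; Max-Age={}; Path=/; Secure; HttpOnly; SameSite=Lax",
        COOKIE_NAME, token, SESSION_TTL.as_secs()
    )
}

/// What an attacker who copies the cookie actually holds: the bare token.
/// There is nothing to base64-decode, and it is worthless once expired or revoked.
pub fn cookie_value(header: &str) -> Option<&str> {
    header.split(';').next()?.split_once('=').map(|(_, v)| v)
}

fn main() -> io::Result<()> {
    let mut store = SessionStore::default();
    // Constructed sample user, same fields as the decoded cookie shown earlier.
    let user = User {
        user_id: 101,
        name: "Bruce Wayne".into(),
        email: "b.wayne@gotham.uni".into(),
        is_admin: false,
    };
    let now = Instant::now();
    let token = store.issue(user, random_token()?, now);
    let header = set_cookie_header(&token);
    println!("Set-Cookie: {header}");
    println!("stolen cookie reveals: {:?}", cookie_value(&header));
    println!("valid now: {}", store.lookup(&token, now).is_some());
    let later = now + Duration::from_secs(16 * 60);
    println!("valid after 16 min: {}", store.lookup(&token, later).is_some());
    Ok(())
}
```

Running it prints a header with the flags and a 64-hex-character token, confirms the token resolves to the user now, and shows it is rejected (and purged) once the server-side expiry has passed, regardless of what the browser does with Max-Age.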