Hi
So... I've been reading up a little bit about cookies and security, only to find that you should encrypt the data in them and that they can be hacked by using JavaScript code.
Is this really the only way to hack/steal cookies? In my quest to create a safe login system I would use cookies for storing a token (encrypted), because unlike sessions, one cannot "ride" the session with the ID. You would have to hack/steal the cookie and duplicate it.
So basically I want to know if all I have to protect my cookies from is XSS, by filtering the URI input.
Thanks :)