Suche
Mein Konto
Delegation from the Saale-Holzland district visits Erlangen-Höchstadt!
On August 13, 2025, Erlangen-Höchstadt will receive a delegation from the Saale-Holzland district to strengthen cooperation. Find out more about the event and what cookies mean for the website.
Delegation from the Saale-Holzland district visits Erlangen-Höchstadt!
The technology behind modern websites is often overlooked, but it is crucial to security and functionality. An important topic is cookies, which play a central role in internet usage. More and more web developers are currently looking at best practices for how to securely manage cookies. But what exactly is behind these small data packets?
As the city of Erlangen-Höchstadt explains in a recent article [https://www.erlangen-hoechstadt.de/aktuelles/meldeen/delegation-aus-dem-saale-holzland-kreis-zu-gast-in-erh/], certain cookies are essential to keep websites functioning. Necessary cookies make it possible to save page adjustments such as privacy settings or to maintain a user session. For example, when someone fills out a form or logs in, this information is stored via cookies. What is particularly noteworthy is that these cookies do not store any personal data, which supports data protection.
The role of ASP.NET cookies
A typical example of required cookies is the ASP.NET_SessionId. This session cookie is used to manage the user session anonymously. Although these cookies are classified as necessary, there are some technical aspects that web developers should be aware of. Finally, according to Microsoft, it is important to change the default names of session IDs to prevent easy guessing. Also, the length of the session ID should be at least 128 bits to minimize brute force attacks.
Additionally, it is advisable to mark cookies with security attributes such as Secure and HttpOnly. These measures are crucial to ensure that sensitive data does not fall into the wrong hands. For example, any cookie associated with a session should only be sent over HTTPS. This protects against man-in-the-middle attacks and other threats that can result from insecure transmission of information.
Understand security risks
Another relevant topic is protection against attacks through Cross-Site Scripting (XSS). Hackers could otherwise be able to insert malicious scripts into a website and gain access to authentication cookies such as .ASPXAUTH. Should a hacker obtain this cookie value, they could take over the user session. These risks are also highlighted in Thomas Ardal's article, which covers cookies and security measures in ASP.NET. Recommended actions include disabling TRACE and TRACK requests in the Web.config file to prevent cross-site tracing and using the SameSite attribute for cookies.
These precautions ensure that cookies are only sent for first-party requests or top-level navigation, thereby closing a potential security vulnerability. Focusing on security in web development is more necessary than ever, and it's beneficial to keep up-to-date with the latest best practices and recommendations.
The combination of secure cookie management and user-friendly website design is crucial so that users and developers alike can benefit from advances in technology. After all, there is “something going on” in the digital world, and a well-founded approach is the key!