Broken Authentication Via Cookie Manipulation
What is a session cookie used for?
What does 'base64 encoding' do to a cookie's data?
What should be done to prevent session cookie manipulation?
Which attribute prevents JavaScript from accessing session cookies?
How can an application prevent session fixation attacks?
Why should the Secure attribute be used with session cookies?