Safeguard
Tag

session-security

Safeguard articles tagged "session-security" — guides, analysis, and best practices for software supply chain and application security.

8 articles

Application Security

A hardening guide to securing Flask applications

Flask ships session cookies with HttpOnly on by default — but Secure, SameSite, CSRF tokens, and every security header are left entirely to you.

Jul 8, 20266 min read
Vulnerability Guides

What is CSRF (Cross-Site Request Forgery)?

CSRF makes a logged-in user's browser perform actions they never intended — changing an email, moving money, granting access — using the victim's own session. Here's how it works and how to stop it.

Jul 7, 20265 min read
Security Guides

Cookie Security Best Practices (2026)

Session cookies are the keys to your users' accounts. Here is how to set them so they cannot be stolen, forged, or leaked: the flags, the prefixes, and the parsing pitfalls.

Jul 6, 20266 min read
Regulatory Compliance

Django CSRF protection and common session security miscon...

Django's CSRF defaults are solid, but wildcards, exempted webhooks, and reordered middleware quietly undo them. Here's where django csrf misconfiguration actually happens.

Jan 27, 20267 min read
Vulnerability Analysis

Cross-site request forgery (CSRF) explained

CSRF forges authenticated requests using a victim's own session cookies. Learn how real attacks against Netflix and uTorrent worked, and how to stop them.

Dec 13, 20257 min read
Vulnerability Analysis

CVE-2023-30861: Flask session cookie disclosure to templates

CVE-2023-30861 lets caching proxies leak Flask session cookies between users when responses aren't marked Vary: Cookie. Here's who's affected and how to fix it.

Oct 4, 20258 min read
Vulnerabilities

CSRF Attacks: How They Work and How Tokens Stop Them

A CSRF attack rides a logged-in user's browser to forge requests they never meant to send. Here is the mechanism and why anti-CSRF tokens defeat it.

May 27, 20246 min read
Web Security

Cookie Security for Modern Web Applications

Cookie misconfigurations remain one of the most common web vulnerabilities. From SameSite to cookie prefixes, here is how to configure cookies that resist session hijacking and CSRF attacks.

Oct 5, 20225 min read
session-security — Safeguard Blog