Cookie hash definition
In cybersecurity, a cookie hash is the hashed value derived from the contents of a cookie (a small piece of data with information about the user). A cookie hash protects sensitive information stored in the cookie (including user identifiers and authentication tokens) from unauthorized access.
See also: cookie theft, persistent cookie, secure cookie, session cookie, tracking cookie, cryptographic hash function, hash function, hashing
How cookie hashing works
Hashing is a cryptographic process that transforms data into a fixed-length string of characters known as a “hash value” (or simply a “hash”). When a server needs to store sensitive data in a cookie, it applies a hash function to that data to generate a secure fixed-length hash.
Because hashing is a one-way function, it's computationally infeasible to reverse-engineer the original data from the derived hash value. Instead of storing the cookies themselves, servers store their hashes — this way, even if there is a data breach, attackers will not be able to glean any sensitive information from the stolen cookie hashes.
Cookie hash verification
Cookie hash verification involves comparing the hash value of a user-submitted cookie with the hash value stored on the server. When a browser sends a cookie back to the server for verification, the server runs the submitted value through the same hash function again; if the result is identical to the stored value, the cookie has not been tampered with.
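The issue-store-verify flow described above, as an added Python example that is not part of the original glossary entry. It assumes a constructed in-memory store, a cookie of the form "user_id:token", and SHA-256 as the hash function; the comparison uses a constant-time check so the match result cannot be inferred from response timing.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed server-side session store for this example: user id -> cookie hash.
# Only the hash is kept; the raw token exists only in the browser's cookie.
SESSION_STORE: dict[str, str] = {}


def hash_cookie(value: str) -> str:
    """Derive the cookie hash: SHA-256 over the raw cookie value, hex-encoded."""
    return hashlib.sha256(value.encode("utf-8")).hexdigest()


def issue_session_cookie(user_id: str) -> str:
    """Mint a random session token, store only its hash, and return the value
    the server would place in a Set-Cookie header (assumed format "user_id:token")."""
    token = secrets.token_urlsafe(32)  # 256 bits of randomness; not guessable
    SESSION_STORE[user_id] = hash_cookie(token)
    return f"{user_id}:{token}"


def verify_session_cookie(cookie_value: str) -> Optional[str]:
    """Re-hash the submitted cookie and compare it with the stored hash.
    Returns the authenticated user id, or None if the cookie is malformed,
    unknown, or does not match."""
    user_id, sep, token = cookie_value.partition(":")
    if not sep or not token:
        return None
    stored_hash = SESSION_STORE.get(user_id)
    if stored_hash is None:
        return None
    # Constant-time comparison: a plain == could leak, via timing, how many
    # leading characters of the candidate hash match the stored one.
    if hmac.compare_digest(stored_hash, hash_cookie(token)):
        return user_id
    return None


def revoke_session(user_id: str) -> None:
    """Log the user out by discarding the stored hash."""
    SESSION_STORE.pop(user_id, None)


if __name__ == "__main__":
    cookie = issue_session_cookie("alice")
    print("Set-Cookie: session=" + cookie)
    print("valid cookie ->", verify_session_cookie(cookie))
    # A breach of SESSION_STORE yields only hashes; presenting a stolen hash
    # as if it were the token fails, because it is hashed again on arrival.
    stolen = "alice:" + SESSION_STORE["alice"]
    print("stolen hash presented as token ->", verify_session_cookie(stolen))
```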
Popular cookie hashing algorithms
- SHA-256 (Secure Hash Algorithm 256-bit)
- bcrypt
- Argon2