
Cookie hash

(also hashed cookie, hash cookie)

Cookie hash definition

In cybersecurity, a cookie hash is the hashed value derived from the contents of a cookie (a small piece of data with information about the user). A cookie hash protects sensitive information stored in the cookie (including user identifiers and authentication tokens) from unauthorized access.

See also: cookie theft, persistent cookie, secure cookie, session cookie, tracking cookie, cryptographic hash function, hash function, hashing

How cookie hashing works

Hashing is a cryptographic process that transforms data into a fixed-length string of characters known as a “hash value” (or simply a “hash”). When a server needs to store sensitive data in a cookie, it applies a hash function to that data to generate a secure fixed-length hash.

Because hashing is a one-way function, it's computationally infeasible to reverse-engineer the original data from the derived hash value. Instead of storing the cookies themselves, servers store their hashes — this way, even if there is a data breach, attackers will not be able to glean any sensitive information from the stolen cookie hashes.

Cookie hash verification

Cookie hash verification involves comparing the hash value of a user-submitted cookie with the hash value stored on the server. When a browser sends a cookie back to the server for verification, the latter runs it through the hash function again — if the results are identical to the stored value, the cookie has not been tampered with.
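The storage and verification steps described above, as an added example that is not code from the original page. The `sid.token` cookie layout, the in-memory `store` dictionary and the function names are assumptions made for illustration; SHA-256 is used because the cookie value here is a long random token.

```python
import hashlib
import hmac
import secrets


def hash_cookie(cookie: str) -> str:
    """Return the SHA-256 hex digest of the full cookie value."""
    return hashlib.sha256(cookie.encode("utf-8")).hexdigest()


def issue_cookie(store: dict, user_id: str) -> str:
    """Create a random cookie, keep only its hash server-side, return the cookie."""
    sid = secrets.token_hex(8)                     # public lookup key (assumed layout)
    cookie = f"{sid}.{secrets.token_urlsafe(32)}"  # value sent to the browser
    store[sid] = {"user": user_id, "cookie_hash": hash_cookie(cookie)}
    return cookie


def verify_cookie(store: dict, cookie: str):
    """Re-hash the submitted cookie and compare it with the stored hash.

    Returns the user id on a match, None for malformed, unknown or altered cookies.
    """
    sid, sep, _ = cookie.partition(".")
    record = store.get(sid)
    if not sep or record is None:
        return None
    # Constant-time comparison avoids leaking how many leading characters matched.
    if hmac.compare_digest(record["cookie_hash"], hash_cookie(cookie)):
        return record["user"]
    return None


if __name__ == "__main__":
    store = {}                                   # constructed stand-in for a session table
    cookie = issue_cookie(store, "alice")
    print("valid cookie   ->", verify_cookie(store, cookie))
    print("altered cookie ->", verify_cookie(store, cookie + "x"))
    # A dump of the store exposes only the digest, never the cookie itself.
    print("stored record  ->", store[cookie.split(".")[0]])
```
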

Popular cookie hashing algorithms

  • SHA-256 (Secure Hash Algorithm 256-bit)
  • bcrypt
  • Argon2