The current mechanism implemented for Web session management implies exchanging session cookies between a Web application client (usually a browser) and a Web application server. Besides having privacy issues, the security of Web sessions can be affected by various reasons related to cookies. There are several vulnerabilities that threaten a Web application specifically related to cookies: theft, tampering, and/or forgery. Any of these vulnerabilities may favor session theft and/or unauthorized access using the identity of another user in the system. In this chapter, we ...