Hashing Cookies in Redis (Spring)
Hello! I'm looking into Spring Session /w Redis for Persistent HTTP Sessions, however when testing locally I'm seeing that the HTTP Session ID is stored in the Redis Cache, and Spring Default Cookie appears to be a base64 encoded string of that Session ID.
Is there a way for me to Hash the ID before it's put in? That way if our Redis Cache leaks, we don't allow hackers to steal cookies? (We could IP check, but I'd rather do both tbh, instead of just one)
Ideally with a Spring Property, or a simple Spring bean would be best.
Is there a way for me to Hash the ID before it's put in? That way if our Redis Cache leaks, we don't allow hackers to steal cookies? (We could IP check, but I'd rather do both tbh, instead of just one)
Ideally with a Spring Property, or a simple Spring bean would be best.
