An experimental Go implementation of the Device Bound Session Credentials (DBSC) protocol for securing web sessions against cookie theft.
-
Updated
Mar 7, 2026 - Go
#
device-bound-session-credentials
Here are 3 public repositories matching this topic...
Device Bound Session Credentials (DBSC) for Node.js — Express, Fastify, Hono & Next.js middleware that binds session cookies to a hardware TPM key to stop cookie theft, with a Web Crypto polyfill for Firefox & Safari.
nodejs express typescript authentication nextjs chromium session-management web-security tpm fastify hono secure-enclave webauthn dbsc cookie-theft session-security cookie-security device-bound-session-credentials
-
Updated
Jun 15, 2026 - TypeScript
Device Bound Session Credentials (DBSC) for Symfony: protect sessions from cookie theft with hardware-bound keys.
security symfony symfony-bundle session tpm webauthn dbsc cookie-theft device-bound-session-credentials
-
Updated
Jun 6, 2026 - PHP
Improve this page
Add a description, image, and links to the device-bound-session-credentials topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the device-bound-session-credentials topic, visit your repo's landing page and select "manage topics."