# Cookie tampering detected: HMAC signature validation failed for session cookie

- **ID:** `security/cookie-tampering-hmac-signature`
- **Domain:** security
- **Category:** auth_error
- **Error Code:** `SEC-3001`
- **Verification:** ai_generated
- **Fix Rate:** 85%

## Root Cause

The session cookie's HMAC signature does not match the expected signature computed from the cookie data, indicating the cookie was modified by the client or an attacker.

## Version Compatibility

| Version | Status | Introduced | Deprecated |
|---------|--------|------------|------------|
| Express.js 4.18 | active | — | — |
| Flask 2.3 | active | — | — |
| Django 4.2 | active | — | — |
| ASP.NET Core 7.0 | active | — | — |

## Workarounds

1. **Rotate the secret key and force all users to re-authenticate by clearing session stores. For Express.js: `app.use(session({ secret: 'new-secret', resave: false, saveUninitialized: true }))`** (90% success)
2. **Implement cookie integrity monitoring: log and alert on signature failures, then invalidate the session immediately. Example: In Flask, catch `BadSignature` from `itsdangerous` and redirect to login.** (75% success)

## Dead Ends

- Regenerating the secret key but not invalidating existing sessions causes all current sessions to fail, leading to mass logout, but doesn't fix the root cause of tampering. (40% fail)
- Disabling signature validation entirely in development to bypass the error leaves the application vulnerable in production. (50% fail)
- Some attempt to use a weaker hash algorithm like MD5 to 'fix' performance, but this reduces security and may still fail if the signature format changes. (10% fail)
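The following is an added example, not code from the original entry or from any of the frameworks listed above. It shows in plain Python (standard library only, no `itsdangerous`) what both workarounds and the first dead end describe: an HMAC-SHA256 signed session cookie, constant-time verification that also accepts the previous secret during a rotation window so a key rotation does not force a mass logout, and a handler that logs the failure and sends the client back to login. The newest-first ordering of `secrets`, the `BadSignature` class name and `handle_session_cookie` are assumptions of this example.

```python
import base64
import binascii
import hashlib
import hmac
import json
import logging

log = logging.getLogger("cookie-integrity")


class BadSignature(Exception):
    """Raised when the cookie's HMAC tag matches none of the accepted keys."""


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_cookie(payload: dict, secret: bytes) -> str:
    """Encode the payload and append an HMAC-SHA256 tag over the encoded body."""
    body = _b64(json.dumps(payload, sort_keys=True, separators=(",", ":")).encode())
    tag = hmac.new(secret, body.encode("ascii"), hashlib.sha256).digest()
    return f"{body}.{_b64(tag)}"


def verify_cookie(cookie: str, secrets: list) -> dict:
    """Return the payload if the tag verifies under any key in `secrets`.

    `secrets` is assumed to be ordered newest first; keeping the previous key
    for a rotation window avoids the mass logout described under Dead Ends.
    """
    try:
        body, sig = cookie.rsplit(".", 1)
        given = _unb64(sig)
    except (ValueError, binascii.Error) as exc:
        raise BadSignature(f"malformed cookie: {exc}") from None
    for secret in secrets:
        expected = hmac.new(secret, body.encode("ascii"), hashlib.sha256).digest()
        if hmac.compare_digest(expected, given):  # constant-time comparison
            return json.loads(_unb64(body))
    raise BadSignature("HMAC mismatch")


def handle_session_cookie(cookie: str, secrets: list, client_ip: str):
    """Workaround 2: on failure, log for alerting and send the client to login."""
    try:
        return verify_cookie(cookie, secrets), None
    except BadSignature as exc:
        log.warning("SEC-3001 cookie tampering from %s: %s", client_ip, exc)
        return None, "/login"  # caller redirects and clears the session cookie
```

A caller that rotates keys deploys with `secrets=[new, old]`, then drops `old` once the rotation window has elapsed; only cookies signed under a key that is no longer in the list, or whose body was altered, reach the logging branch.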
