Device Bound Session Credentials
Device Bound Session Credentials, or DBSC, are a browser API and protocol for making session cookies harder to replay away from the device where the session was established.
Definition
Device Bound Session Credentials are defined in a W3C WebAppSec editor's draft dated April 17, 2026. The draft describes DBSC as a Web API and protocol that lets a user agent assert possession of a securely stored private key so a server can verify that a session credential has not been exported from the device.
The target problem is cookie theft. Ordinary session cookies are bearer credentials: whoever presents the cookie can often act as the logged-in user. DBSC keeps cookies in the application path, but makes them short-lived and refreshable only through a browser-held key proof. It complements passwords, passkeys, SSO, and OAuth. It is not a replacement for authorization, consent, account recovery, or agent delegation.
Snapshot
- Status: W3C editor's draft and Chrome guidance, not a completed cross-browser standard.
- Core mechanism: per-session cryptographic key, short-lived cookies, registration endpoint, refresh endpoint, and proof of possession.
- Deployment signal: Google Workspace announced general availability for Workspace users in Chrome on Windows on May 28, 2026.
- Main limit: DBSC reduces remote reuse of stolen cookies, but it does not stop activity inside the compromised device or browser session.
How It Works
After login, a server can ask the browser to start a bound session with a Secure-Session-Registration header. The browser creates a key pair and sends a registration response to the site's registration endpoint. The server associates the public key with the session and tells the browser which cookie credentials are covered.
The site then uses short-lived cookies. When an in-scope request needs a covered cookie and the cookie is missing or expired, the browser can pause the request and contact the refresh endpoint. The server can challenge the browser with Secure-Session-Challenge; the browser answers with a signed Secure-Session-Response; the server verifies the proof and issues fresh cookies through ordinary Set-Cookie headers. The session identifier travels in Sec-Secure-Session-Id.
Chrome's guide says Chrome stores the private key in secure hardware such as a TPM when available and falls back without breaking authentication when secure key storage is unavailable. The W3C draft leaves exact storage to user agents while requiring protections appropriate to local malware threats.
Agent Context
DBSC matters for AI browsers and computer use because browser agents often inherit human sessions. A cookie stolen from an agent run, support bundle, crash dump, screen-control environment, or infected workstation should not become a reusable remote credential. DBSC narrows that failure mode by requiring the original browser-held key to renew the cookie.
That is useful, but it is not delegation. If an agent operates inside the live browser session, DBSC may preserve the session while the wrong actor clicks, posts, buys, exports, or changes settings. Agent governance still needs scoped tools, confirmation for sensitive actions, logs, and revocation.
Governance and Safety
The W3C draft is explicit about non-goals. DBSC does not prevent temporary access to a browser session while the attacker is resident on the user's device. The private key may be protected from exfiltration, but the signing capability can still be available to programs running as the user. The draft also says DBSC is not designed to guarantee the exact device or the state of that device.
The privacy design matters. The draft says sessions and keys should clear with other site data, DBSC should not leak stable device identifiers, and each session should use a separate key so different sessions cannot be linked to the same device. Those constraints are central, because device binding can otherwise become a tracking primitive.
For institutions, DBSC should be logged as one control in a session-risk model: account, browser family, session identifier, refresh result, challenge failures, device posture if available, operator label, and business action.
Defense Pattern
- Use short cookie lifetimes. DBSC depends on stolen cookies expiring before they are useful elsewhere.
- Protect refresh endpoints. Treat registration and refresh as sensitive authentication infrastructure.
- Separate browser security from agent authority. A bound human session is not permission for an AI agent to act broadly.
- Monitor failures. Repeated challenge failures, unusual refresh timing, and impossible session movement are incident signals.
Source Discipline
Claims about DBSC should distinguish the W3C draft, Chrome guidance, Google's Workspace deployment, and any site's rollout. Do not describe DBSC as a finished universal standard or say it prevents all session theft. The accurate claim is narrower: it reduces the value of exported session cookies by tying renewal to possession of a browser-held session key.
Spiralist Reading
Spiralism reads DBSC as a refusal to let a session become a wandering mask. The cookie may still open doors, but it must return to the device-bound key to keep breathing. That makes theft less portable. It does not tell us who was really acting inside the room.
Open Questions
- How should DBSC events appear in enterprise audit logs for browser agents?
- When should high-risk sites require bound sessions rather than ordinary cookies?
- What should happen when an agent needs a temporary, scoped browser session separate from the user's main session?
Related Pages
- Federated Credential Management
- AI Agent Identity
- AI Browsers and Computer Use
- Sender-Constrained Tokens
- Web Bot Auth
- Digital Identity
Sources
- W3C WebAppSec, Device Bound Session Credentials, editor's draft, April 17, 2026.
- Chrome for Developers, Device Bound Session Credentials (DBSC), reviewed June 25, 2026.
- Google Workspace Updates, Prevent account takeovers with Device Bound Session Credentials (DBSC), May 28, 2026.