
A Little Bit About Cookies

A Little Bit About Cookies. Instructor: Joseph DiVerdi, Ph.D., M.B.A. A Very Simple Transaction. Simple Transaction w/ Image. (Infamous) Cookies. Introduced by Netscape in Navigator v2.0. Original purpose was to enable a server to track a browser through multiple HTTP requests.

Presentation Transcript


  1. A Little Bit About Cookies
     Instructor: Joseph DiVerdi, Ph.D., M.B.A.

  2. A Very Simple Transaction

  3. Simple Transaction w/ Image

  4. (Infamous) Cookies
     • Introduced by Netscape in Navigator v2.0
     • Original purpose was to enable a server to track a browser through multiple HTTP requests
     • Necessary for applications, e.g., shopping cart
     • Allows storage of a user’s preferences in cookie
     • Intended to improve privacy
     • Removed the requirement for the server to request and store personal information in a central data bank

  5. Cookie Issues
     • Rule of unintended consequences
     • Initial implementation allowed any site to request all cookies from a browser, thereby revealing (lots of) personal information
     • Quick change to browser to permit delivery of cookies to a particular server (identified by domain) that were issued by that server

  6. More Cookie Issues
     • Web developers (webmasters?) soon realized that cookies could be “attached” to files other than HTML, e.g., GIF. Combining this capability with the delivery of banner images from advertising companies allowed those advertisers continued access to detailed tracking information
     • Advertisers claim that such tracking permits interest-targeted delivery and reduction of repetitious display
     • There is an opportunity for abuse

  7. Server-Client Interaction
     • First Step:
       • Server Sends Set-Cookie Header to Client

             HTTP/1.0 200 OK
             Date: Fri 04 Oct 1996 14:31:51 GMT
             Server: hypothetical.ora.com
             Set-Cookie: account=04382374
             Set-Cookie: userid=woody
             Content-Type: text/html
             Content-Length: 1023

             <title>Sample Home Page</title>

       • Client Saves Cookie in Cookie Jar

  8. Server-Client Interaction
     • Second Step
       • In a Future Connection
       • Client Recognizes Server's URL
       • Appends Cookie Header

             GET /index.html
             Connection: Keep-Alive
             Host: hypothetical.ora.com
             Accept: image/gif, image/jpeg, */*
             Cookie: account=04382374
             Cookie: userid=woody

  9. Cookie Parameters
     • Name
       • Name given to cookie
     • Value
       • Value assigned to cookie
     • Domain
       • Browser only returns cookie to URLs in this domain
     • Expires
       • Cookie will not be returned after this date
     • Path
       • Browser only returns cookie to URLs below this path
     • Secure
       • Browser only returns cookie using https protocol

  10. Cookie File Structure

      | Domain | Expire | Path | Secure | Expiration | Vendor Specific Fields |
      |---|---|---|---|---|---|
      | hotwired.lycos.com | FALSE | /webmonkey/99/09 | FALSE | 970380000 | Lycos_Webographics Sampled |
      | www.macfixit.com | FALSE | /cgi-bin/ultimate | FALSE | 968113043 | lastLogin 2451426.2017 |
      | www.macfixit.com | FALSE | /cgi-bin/ultimate | FALSE | 968113043 | LastLoginDT 09-04-1999%2008%3A17%20PM |
      | www.admission.com | FALSE | /html | FALSE | 972187149 | admission EN%26US |
      | .netscape.com | TRUE | / | FALSE | 1293840002 | UIDC 199.45.180.157:0912144896:401606 |
      | .adobe.com | TRUE | / | FALSE | 1924905604 | AWID 199.45.180.157:10771:912192070:677 |
      | www.direct-jobs.com | FALSE | / | FALSE | 2137622378 | CFTOKEN 11642676 |
      | www.direct-jobs.com | FALSE | / | FALSE | 2137622379 | CFID 122728 |
      | www.damark.com | FALSE | / | FALSE | 2145830703 | ST_USER 0913838850898991 |
      | .imgis.com | TRUE | / | FALSE | 1074483659 | JEB2 8F799D77DAA0A516CEA8F4B23004E025 |
      | .zdnet.com | TRUE | / | FALSE | 1041310803 | cgversion 4 |
      | .zdnet.com | TRUE | / | FALSE | 1041310806 | browser CEA8F4B2383B0D81 |
      | .yahoo.com | TRUE | / | FALSE | 1271361603 | B 8vl686iata7fn |
      | .ngadcenter.net | TRUE | / | FALSE | 2145801606 | NGID 2061691f-20905-917899077-5 |
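
The return rules from slide 9 (Domain, Path, Expires, Secure) applied to a cookie file in the column order of slide 10, as an added example that is not part of the original presentation. The sample jar, the function names and the `now` parameter are constructed for illustration; the domain and path checks compare on label and "/" boundaries, as RFC 6265 specifies, so lookalike hosts and paths do not receive the cookie.

```python
from urllib.parse import urlsplit

# Constructed sample jar, tab-separated in the column order of slide 10. The
# second column is TRUE when the cookie applies to every host under the domain.
SAMPLE_JAR = "\n".join([
    ".example.com\tTRUE\t/\tFALSE\t2000000000\tuid\tabc123",
    "www.example.com\tFALSE\t/shop\tFALSE\t2000000000\tcart\t17",
    "www.example.com\tFALSE\t/\tTRUE\t2000000000\tsession\ts3cr3t",
    "www.example.com\tFALSE\t/\tFALSE\t900000000\told\tstale",
])

def parse_jar(text):
    """Turn cookie-file lines into dicts, skipping blanks and # comments."""
    jar = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        domain, all_hosts, path, secure, expires, name, value = line.split("\t")
        jar.append({"domain": domain.lstrip(".").lower(),
                    "all_hosts": all_hosts == "TRUE", "path": path,
                    "secure": secure == "TRUE", "expires": int(expires),
                    "name": name, "value": value})
    return jar

def domain_matches(host, cookie):
    # Compare on a label boundary: a bare endswith() would also match
    # "evilexample.com" against "example.com".
    host = host.lower()
    if host == cookie["domain"]:
        return True
    return cookie["all_hosts"] and host.endswith("." + cookie["domain"])

def path_matches(request_path, cookie_path):
    # "/shop" covers "/shop" and "/shop/cart" but not "/shopping".
    if request_path == cookie_path:
        return True
    return request_path.startswith(cookie_path.rstrip("/") + "/")

def cookies_to_send(url, jar, now):
    """Return the name=value pairs a browser would attach to a request for url."""
    parts = urlsplit(url)
    return [f'{c["name"]}={c["value"]}' for c in jar
            if domain_matches(parts.hostname or "", c)
            and path_matches(parts.path or "/", c["path"])
            and c["expires"] > now                              # Expires
            and (not c["secure"] or parts.scheme == "https")]   # Secure
```

`now` is a Unix timestamp in seconds, the same unit as the Expiration column.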
