cookies and sessions
play

Cookies and Sessions Thierry Security assumptions You have - PowerPoint PPT Presentation

Feb 03, 2023 •647 likes •783 views

Cookies and Sessions Thierry Security assumptions You have absolutely no control on the client Client Side Server Side Web Server Database Web Browser Cookies The big picture key/value pairs data Client Side Server Side HTTP request

  1. Cookies and Sessions Thierry

  2. Security assumptions You have absolutely no control on the client Client Side Server Side Web Server Database Web Browser

  3. Cookies

  4. The big picture key/value pairs data Client Side Server Side HTTP request HTTP response HTTP request HTTP response Web Browser Web Server

  5. Cookies Cookies are key/value pairs sent back and forth between the browser and the server in HTTP request and response

  6. Anatomy of a Cookie • Text data (Up to 4kb) • May (or may not) have an expiration date • Can be manipulated from the client and the server

  7. Manipulating cookies A cookie can be modified (without any cookie flag set) • on the server side express middleware : cookie • on the client side javascript : Document.cookie

  8. What cookies are useful for? • Shopping cart • Browsing preferences • User authentication • Tracking and advertisement

  9. Sessions

  10. The big picture session id Client Side Server Side HTTP request HTTP response HTTP request HTTP response Web Browser Web Server key/value pairs data

  11. The concept of session • There is a session id (aka token) between the browser and the web application • This session id should be unique and unforgeable (usually a long random number or a hash) • This session id is bind to key/value pairs data

  12. Where sessions values are stored • Session ID is stored in a cookie • Session key/value pairs are stored on the server

  13. Hacking sessions The user can create, modify, delete the session ID in the cookie But cannot access the key/value pairs stored on the server

Recommend

Java Programming Unit 15 HTTP Sessions and cookies Java

Java Programming Unit 15 HTTP Sessions and cookies Java

Java Programming Unit 15 HTTP Sessions and cookies Java Server Pages (c) Yakov Fain 2014 Synchronous and Asynchronous Servlets Java Servlets run

1.41k views • 32 slides
Objectives Review Servlets Deployment Configuration Sessions, Cookies Handling

Objectives Review Servlets Deployment Configuration Sessions, Cookies Handling

Objectives Review Servlets Deployment Configuration Sessions, Cookies Handling multiple requests Apr 29, 2019 Sprenkle - CS335 1 Servlets Review What application do we need to execute servlets? What class do all web

330 views • 29 slides
Cookies Cookies HTTP is stateless To "remember" a user we use cookies In a

Cookies Cookies HTTP is stateless To "remember" a user we use cookies In a

Cookies Cookies HTTP is stateless To "remember" a user we use cookies In a response header, we can give the user information as a cookie All subsequent requests will contain these cookies in a header Since cookies work

475 views • 10 slides
Chapter 12 COOKIES AND SESSIONS INTRO Unlike the unified single process that is the typical

Chapter 12 COOKIES AND SESSIONS INTRO Unlike the unified single process that is the typical

Chapter 12 COOKIES AND SESSIONS INTRO Unlike the unified single process that is the typical desktop application, a web application consists of a series of disconnected HTTP requests to a web server where each request for a server page is

660 views • 45 slides
CSE 154 LECTURE 22: SESSIONS Expiration / persistent cookies setcookie("name",

CSE 154 LECTURE 22: SESSIONS Expiration / persistent cookies setcookie("name",

CSE 154 LECTURE 22: SESSIONS Expiration / persistent cookies setcookie("name", "value", expiration); PHP $expireTime = time() + 60*60*24*7; # 1 week from now setcookie("CouponNumber", "389752",

308 views • 10 slides
Stealing Web Browser Cookies ben-holland.com Whats a cookie? Web 2.0 Cookies provide

Stealing Web Browser Cookies ben-holland.com Whats a cookie? Web 2.0 Cookies provide

Stealing Web Browser Cookies ben-holland.com Whats a cookie? Web 2.0 Cookies provide state Examples: Items in shopping cart AuthenFcaFon! Cookies Passwords! Username + Password = Cookie If I know your authenFcaFon

712 views • 7 slides
Mount Eliza Secondary College Steiner Stream 20 sessions 10 8 sessions 6 sessions 4 sessions

Mount Eliza Secondary College Steiner Stream 20 sessions 10 8 sessions 6 sessions 4 sessions

Mount Eliza Secondary College Steiner Stream 20 sessions 10 8 sessions 6 sessions 4 sessions 2 sessions sessions Main lesson: Maths Ideea Lab Arts Indonesian Health and English electives: Physical education Humanities Performing

3.3k views • 11 slides
COOKIES How can apps maintain user state? Cookies! small bits of data downloaded to your

COOKIES How can apps maintain user state? Cookies! small bits of data downloaded to your

CS 498RK FALL 2017 COOKIES How can apps maintain user state? Cookies! small bits of data downloaded to your computer so that a site can remember you and what you did on subsequent visits Browser Server first request http:/

475 views • 23 slides
PEXit PRIVACY and COOKIES POLICY This PRIVACY and COOKIES POLICY conveys how PEXit collects, uses,

PEXit PRIVACY and COOKIES POLICY This PRIVACY and COOKIES POLICY conveys how PEXit collects, uses,

PEXit PRIVACY and COOKIES POLICY This PRIVACY and COOKIES POLICY conveys how PEXit collects, uses, shares, stores and manages your information. We have built our business based on (a) our integrity, (b) our sincere effort to meet your

206 views • 3 slides
IT350 Web and Internet Programming Cookies: JavaScript and Perl (Some from Chapter 11.9 -4 th

IT350 Web and Internet Programming Cookies: JavaScript and Perl (Some from Chapter 11.9 -4 th

IT350 Web and Internet Programming Cookies: JavaScript and Perl (Some from Chapter 11.9 -4 th edition and online Perl Chapter of textbook) Cookies Example 1 JavaScript: Using Cookies Cookie Data stored on _____________ to maintain

263 views • 9 slides
Should Internet Cookies Be Further Regulated by the Government? Research Presentation by

Should Internet Cookies Be Further Regulated by the Government? Research Presentation by

Should Internet Cookies Be Further Regulated by the Government? Research Presentation by Kaitlin Burdick Overview Background Arguments For the Regulation of Cookies Arguments Against the Regulation of Cookies Conclusion

319 views • 13 slides
SY306 Web and Databases for Cyber Operations Slide Set # 8: Cookies and Web tracking Some from

SY306 Web and Databases for Cyber Operations Slide Set # 8: Cookies and Web tracking Some from

SY306 Web and Databases for Cyber Operations Slide Set # 8: Cookies and Web tracking Some from https://www.httpwatch.com/httpgallery/cookies/ and https://www.httpwatch.com/httpgallery/headers/ HTTP client-server interaction review 1 Cookies

181 views • 4 slides
Cookies & Milk ...Soda? Matthew Lau Professor Imielinski March 28, 2017 Data 101 WALMART

Cookies & Milk ...Soda? Matthew Lau Professor Imielinski March 28, 2017 Data 101 WALMART

EAT COOKIES Cookies & Milk ...Soda? Matthew Lau Professor Imielinski March 28, 2017 Data 101 WALMART Assignment You might think Cookies and Milk are bought together... You would be wrong. There are no specific associations between

660 views • 9 slides
Chapter 12 Stoichiometry 1 Section 12.1 The Arithmetic of Equations 2 Cookies and

Chapter 12 Stoichiometry 1 Section 12.1 The Arithmetic of Equations 2 Cookies and

Chapter 12 Stoichiometry 1 Section 12.1 The Arithmetic of Equations 2 Cookies and ChemistryHuh!?!? Just like chocolate chip cookies have recipes, chemists have recipes as well Instead of calling them recipes, we call them reaction

677 views • 41 slides
IT350 Web and Internet Programming Cookies: JavaScript and Perl (Some from Chapter 11.9 -4 th

IT350 Web and Internet Programming Cookies: JavaScript and Perl (Some from Chapter 11.9 -4 th

IT350 Web and Internet Programming Cookies: JavaScript and Perl (Some from Chapter 11.9 -4 th edition and online Perl Chapter of textbook) JavaScript: Using Cookies Cookie Data stored on _____________ to maintain information about client

342 views • 8 slides
Cookies: JavaScript and Perl (Some from Chapter 11.9 and online Perl Chapter of textbook) 11.9

Cookies: JavaScript and Perl (Some from Chapter 11.9 and online Perl Chapter of textbook) 11.9

IT350 Web and Internet Programming Cookies: JavaScript and Perl (Some from Chapter 11.9 and online Perl Chapter of textbook) 11.9 JavaScript: Using Cookies Cookie Data stored on _____________ to maintain information about client during

765 views • 6 slides
I see a cookie banner Is it even legal? Nataliia Bielova and Cristiana Santos joint work with

I see a cookie banner Is it even legal? Nataliia Bielova and Cristiana Santos joint work with

This presentation contains cookies that will be stored in your memory to make sure you remember this presentation. By attending this presentation, you agree to the placement of these cookies. To learn more, read our Privacy Policy. I see a

512 views • 23 slides
SY306 Web and Databases for Cyber Operations Set #10: Cookies in JavaScript and Python

SY306 Web and Databases for Cyber Operations Set #10: Cookies in JavaScript and Python

SY306 Web and Databases for Cyber Operations Set #10: Cookies in JavaScript and Python https://www.w3schools.com/js/js_cookies.asp https://docs.python.org/3/library/http.cookies.html

138 views • 9 slides
Retroactively estimating system clock skew from stored web browser cookies Contents 1. Why? 2.

Retroactively estimating system clock skew from stored web browser cookies Contents 1. Why? 2.

Retroactively estimating system clock skew from stored web browser cookies Contents 1. Why? 2. Mechanism for deriving skew from cookies 3. Data & data processing 4. Demonstration of algorithm Time. It matters. John is a suspect in a

470 views • 15 slides
Information Example

Information Example

IT350: Web & Internet Programming Set 15: Cookies Information Example https://www.usna.edu/Users/cs/adina/teaching/it350/fall2016/solutions/cookies/info.html (info link on todays calendar) How does the second page know what you

302 views • 8 slides
Lecture 4: Session Tracking Cookies allow us to maintain state, but are somewhat clumsy to

Lecture 4: Session Tracking Cookies allow us to maintain state, but are somewhat clumsy to

Lecture 4: Session Tracking Cookies allow us to maintain state, but are somewhat clumsy to program To keep detailed state information we probably need many cookies and we must store a lot of information within them Each cookie is only

466 views • 33 slides
Cookie Protocol Server sets cookies in response header: Set-Cookie: session=0x4137f;

Cookie Protocol Server sets cookies in response header: Set-Cookie: session=0x4137f;

Cookie Protocol Server sets cookies in response header: Set-Cookie: session=0x4137f; Expires=Wed, 09 Jun 2012 10:18:14 GMT Name Value Expiration Time Browser returns cookies in headers of later requests: Cookie: session=0x4137fd6a CS

701 views • 4 slides
Graphing Crumbling Cookies AdKDD 2019 Matt Malloy, Jon Koller and Aaron Cahn What is a device

Graphing Crumbling Cookies AdKDD 2019 Matt Malloy, Jon Koller and Aaron Cahn What is a device

Graphing Crumbling Cookies AdKDD 2019 Matt Malloy, Jon Koller and Aaron Cahn What is a device graph? a dataset that organizes digital identifiers that we create as we use the internet identifiers (IDs): browser cookies or advertising

284 views • 11 slides
What Goes Together: Peanut Butter & Jam, Cookies & Milk Antiplatelets &

What Goes Together: Peanut Butter & Jam, Cookies & Milk Antiplatelets &

What Goes Together: Peanut Butter & Jam, Cookies & Milk Antiplatelets & Anticoagulants??? Lily Lin and Kevin Kwok LMPS Pharmacy Residents December 10, 2019 Preceptor: Elaine Lum 1 Learning Objectives Review the mechanism of

1.27k views • 87 slides

More recommend