cookies cookies
play

Cookies Cookies HTTP is stateless To "remember" a user - PowerPoint PPT Presentation

Jul 28, 2023 •362 likes •475 views

Cookies Cookies HTTP is stateless To "remember" a user we use cookies In a response header, we can give the user information as a cookie All subsequent requests will contain these cookies in a header Since cookies work

  1. Cookies

  2. Cookies • HTTP is stateless • To "remember" a user we use cookies • In a response header, we can give the user information as a cookie • All subsequent requests will contain these cookies in a header • Since cookies work through headers: ASCII only

  3. Cookie Headers • Set-Cookie • Use this header in your response to tell a client to set a cookie • Cookie • The client will send all Cookies with each request using this header

  4. Set-Cookie • The Set-Cookie header is used by servers to tell the client to set a cookie • Cookies are sent as key-value pairs • Syntax: • <key>=<value> • Example: • Set-Cookie: id=X6kAwpgW29M • Set-Cookie: visits=4

  5. Cookie • Header used by clients to deliver all cookies that have been set • Syntax [Same as Set-Cookie]: • <key>=<value> • Multiple cookies separated by ; • Example: • Cookie: id=X6kAwpgW29M; visits=4

  6. Client-Side Cookies • The client can also set and change their cookies • Do not trust the value stored in a cookie • If a cookie is important for security • Verify its validity • Client can read/set cookies with JavaScript • So can attackers! • Access cookies with "document.cookie"

  7. Cookie H ij acking • Cookies are often used for authentication • Set a cookie at logon to remember that the user is authenticated • Prevents sending username/password with every request • What if someone steals your cookies? • They can authenticate as you without needing your password • They would have to get their JavaScript running in your browser

  8. Directives • Can add directives when setting a cookie • Separate directives with ; • Expires • The exact time when the cookie should be deleted • Must be in the format: • <day-name>, <day> <month> <year> <hour>:<minute>:<second> GMT • Set-Cookie: id=X6kAwpgW29M; Expires: Wed, 12 Feb 2020 13:42:32 GMT • Max-Age • Set the number of second before the cookie expires • Set-Cookie: id=X6kAwpgW29M; Max-Age: 3600 • If neither Expires nor Max-Age are set, the cookie will be deleted when the user ends the session

  9. Directives • Secure • Only send this cookie over HTTPS • HttpOnly • Don't let anyone read or set this cookie using JavaScript • Prevents hijackers from reading your cookies • Set-Cookie: id=X6kAwpgW29M; Secure; HttpOnly

  10. Directives • Path • Specify a prefix that the path must match for the cookie to be sent • Set-Cookie: id=X6kAwpgW29M; Path: /posts • Cookie is only sent when the requested path begins with /posts

Recommend

Stealing Web Browser Cookies ben-holland.com Whats a cookie? Web 2.0 Cookies provide

Stealing Web Browser Cookies ben-holland.com Whats a cookie? Web 2.0 Cookies provide

Stealing Web Browser Cookies ben-holland.com Whats a cookie? Web 2.0 Cookies provide state Examples: Items in shopping cart AuthenFcaFon! Cookies Passwords! Username + Password = Cookie If I know your authenFcaFon

712 views • 7 slides
COOKIES How can apps maintain user state? Cookies! small bits of data downloaded to your

COOKIES How can apps maintain user state? Cookies! small bits of data downloaded to your

CS 498RK FALL 2017 COOKIES How can apps maintain user state? Cookies! small bits of data downloaded to your computer so that a site can remember you and what you did on subsequent visits Browser Server first request http:/

475 views • 23 slides
PEXit PRIVACY and COOKIES POLICY This PRIVACY and COOKIES POLICY conveys how PEXit collects, uses,

PEXit PRIVACY and COOKIES POLICY This PRIVACY and COOKIES POLICY conveys how PEXit collects, uses,

PEXit PRIVACY and COOKIES POLICY This PRIVACY and COOKIES POLICY conveys how PEXit collects, uses, shares, stores and manages your information. We have built our business based on (a) our integrity, (b) our sincere effort to meet your

206 views • 3 slides
IT350 Web and Internet Programming Cookies: JavaScript and Perl (Some from Chapter 11.9 -4 th

IT350 Web and Internet Programming Cookies: JavaScript and Perl (Some from Chapter 11.9 -4 th

IT350 Web and Internet Programming Cookies: JavaScript and Perl (Some from Chapter 11.9 -4 th edition and online Perl Chapter of textbook) Cookies Example 1 JavaScript: Using Cookies Cookie Data stored on _____________ to maintain

263 views • 9 slides
Should Internet Cookies Be Further Regulated by the Government? Research Presentation by

Should Internet Cookies Be Further Regulated by the Government? Research Presentation by

Should Internet Cookies Be Further Regulated by the Government? Research Presentation by Kaitlin Burdick Overview Background Arguments For the Regulation of Cookies Arguments Against the Regulation of Cookies Conclusion

319 views • 13 slides
SY306 Web and Databases for Cyber Operations Slide Set # 8: Cookies and Web tracking Some from

SY306 Web and Databases for Cyber Operations Slide Set # 8: Cookies and Web tracking Some from

SY306 Web and Databases for Cyber Operations Slide Set # 8: Cookies and Web tracking Some from https://www.httpwatch.com/httpgallery/cookies/ and https://www.httpwatch.com/httpgallery/headers/ HTTP client-server interaction review 1 Cookies

181 views • 4 slides
Cookies &amp; Milk ...Soda? Matthew Lau Professor Imielinski March 28, 2017 Data 101 WALMART

Cookies &amp; Milk ...Soda? Matthew Lau Professor Imielinski March 28, 2017 Data 101 WALMART

EAT COOKIES Cookies &amp; Milk ...Soda? Matthew Lau Professor Imielinski March 28, 2017 Data 101 WALMART Assignment You might think Cookies and Milk are bought together... You would be wrong. There are no specific associations between

660 views • 9 slides
Chapter 12 Stoichiometry 1 Section 12.1 The Arithmetic of Equations 2 Cookies and

Chapter 12 Stoichiometry 1 Section 12.1 The Arithmetic of Equations 2 Cookies and

Chapter 12 Stoichiometry 1 Section 12.1 The Arithmetic of Equations 2 Cookies and ChemistryHuh!?!? Just like chocolate chip cookies have recipes, chemists have recipes as well Instead of calling them recipes, we call them reaction

677 views • 41 slides
IT350 Web and Internet Programming Cookies: JavaScript and Perl (Some from Chapter 11.9 -4 th

IT350 Web and Internet Programming Cookies: JavaScript and Perl (Some from Chapter 11.9 -4 th

IT350 Web and Internet Programming Cookies: JavaScript and Perl (Some from Chapter 11.9 -4 th edition and online Perl Chapter of textbook) JavaScript: Using Cookies Cookie Data stored on _____________ to maintain information about client

342 views • 8 slides
Cookies: JavaScript and Perl (Some from Chapter 11.9 and online Perl Chapter of textbook) 11.9

Cookies: JavaScript and Perl (Some from Chapter 11.9 and online Perl Chapter of textbook) 11.9

IT350 Web and Internet Programming Cookies: JavaScript and Perl (Some from Chapter 11.9 and online Perl Chapter of textbook) 11.9 JavaScript: Using Cookies Cookie Data stored on _____________ to maintain information about client during

765 views • 6 slides
I see a cookie banner Is it even legal? Nataliia Bielova and Cristiana Santos joint work with

I see a cookie banner Is it even legal? Nataliia Bielova and Cristiana Santos joint work with

This presentation contains cookies that will be stored in your memory to make sure you remember this presentation. By attending this presentation, you agree to the placement of these cookies. To learn more, read our Privacy Policy. I see a

512 views • 23 slides
SY306 Web and Databases for Cyber Operations Set #10: Cookies in JavaScript and Python

SY306 Web and Databases for Cyber Operations Set #10: Cookies in JavaScript and Python

SY306 Web and Databases for Cyber Operations Set #10: Cookies in JavaScript and Python https://www.w3schools.com/js/js_cookies.asp https://docs.python.org/3/library/http.cookies.html

138 views • 9 slides
Retroactively estimating system clock skew from stored web browser cookies Contents 1. Why? 2.

Retroactively estimating system clock skew from stored web browser cookies Contents 1. Why? 2.

Retroactively estimating system clock skew from stored web browser cookies Contents 1. Why? 2. Mechanism for deriving skew from cookies 3. Data &amp; data processing 4. Demonstration of algorithm Time. It matters. John is a suspect in a

470 views • 15 slides
Information Example

Information Example

IT350: Web &amp; Internet Programming Set 15: Cookies Information Example https://www.usna.edu/Users/cs/adina/teaching/it350/fall2016/solutions/cookies/info.html (info link on todays calendar) How does the second page know what you

302 views • 8 slides
Lecture 4: Session Tracking Cookies allow us to maintain state, but are somewhat clumsy to

Lecture 4: Session Tracking Cookies allow us to maintain state, but are somewhat clumsy to

Lecture 4: Session Tracking Cookies allow us to maintain state, but are somewhat clumsy to program To keep detailed state information we probably need many cookies and we must store a lot of information within them Each cookie is only

466 views • 33 slides
Cookie Protocol Server sets cookies in response header: Set-Cookie: session=0x4137f;

Cookie Protocol Server sets cookies in response header: Set-Cookie: session=0x4137f;

Cookie Protocol Server sets cookies in response header: Set-Cookie: session=0x4137f; Expires=Wed, 09 Jun 2012 10:18:14 GMT Name Value Expiration Time Browser returns cookies in headers of later requests: Cookie: session=0x4137fd6a CS

701 views • 4 slides
Graphing Crumbling Cookies AdKDD 2019 Matt Malloy, Jon Koller and Aaron Cahn What is a device

Graphing Crumbling Cookies AdKDD 2019 Matt Malloy, Jon Koller and Aaron Cahn What is a device

Graphing Crumbling Cookies AdKDD 2019 Matt Malloy, Jon Koller and Aaron Cahn What is a device graph? a dataset that organizes digital identifiers that we create as we use the internet identifiers (IDs): browser cookies or advertising

284 views • 11 slides
What Goes Together: Peanut Butter &amp; Jam, Cookies &amp; Milk Antiplatelets &amp;

What Goes Together: Peanut Butter &amp; Jam, Cookies &amp; Milk Antiplatelets &amp;

What Goes Together: Peanut Butter &amp; Jam, Cookies &amp; Milk Antiplatelets &amp; Anticoagulants??? Lily Lin and Kevin Kwok LMPS Pharmacy Residents December 10, 2019 Preceptor: Elaine Lum 1 Learning Objectives Review the mechanism of

1.27k views • 87 slides
Session 20 Data Sharing &amp; Cookies 1 Reading &amp; Reference Reading Shared scopes

Session 20 Data Sharing &amp; Cookies 1 Reading &amp; Reference Reading Shared scopes

Session 20 Data Sharing Session 20 Data Sharing &amp; Cookies 1 Reading &amp; Reference Reading Shared scopes Java EE 7 Tutorial Section 17.3 Reference http state management www.ietf.org/rfc/rfc2965.txt Cookies

656 views • 23 slides
Time skew analysis using web cookies Bj orgvin Ragnarsson 07-03-2013 Time skew analysis using

Time skew analysis using web cookies Bj orgvin Ragnarsson 07-03-2013 Time skew analysis using

Time skew analysis using web cookies Bj orgvin Ragnarsson 07-03-2013 Time skew analysis using web cookies 1 / 17 The problem Timestamps are important for forensics... ...but the timekeeper is unreliable How far off was the

445 views • 17 slides
Malicious Code Malicious Code for Fun and Profit for Fun and Profit Mihai Christodorescu

Malicious Code Malicious Code for Fun and Profit for Fun and Profit Mihai Christodorescu

Malicious Code Malicious Code for Fun and Profit for Fun and Profit Mihai Christodorescu mihai@cs.wisc.edu 29 March 2007 SYN Cookies (contd) SYN Cookies (contd) SYN cookies are particular choices of initial TCP sequence numbers

868 views • 62 slides
Cookies and Sessions Thierry Security assumptions You have absolutely no control on the client

Cookies and Sessions Thierry Security assumptions You have absolutely no control on the client

Cookies and Sessions Thierry Security assumptions You have absolutely no control on the client Client Side Server Side Web Server Database Web Browser Cookies The big picture key/value pairs data Client Side Server Side HTTP request

783 views • 13 slides
This time Continuing with Web Security Cookies XSS &amp; CSRF Required reading for this

This time Continuing with Web Security Cookies XSS &amp; CSRF Required reading for this

This time Continuing with Web Security Cookies XSS &amp; CSRF Required reading for this lecture: Web Security: Are You Part Of The Problem? Cross Site Request Forgery: An Introduction HTTP GET requests Contain headers.

1.77k views • 148 slides
Introduction By: Diane Flanagan Introduction Christmas Cookies Blessing Bags

Introduction By: Diane Flanagan Introduction Christmas Cookies Blessing Bags

Introduction By: Diane Flanagan Introduction Christmas Cookies Blessing Bags Lifes First Aid Kits NAMI walk Letters to the Troops Summary The R2R group met for the first time in November 2012 as a volunteer

683 views • 10 slides

More recommend