07-10-2016, 11:11 AM
Attachment: http_cgi_cookies.ppt (61.5 KB)
What is a Cookie?
A cookie is a piece of information stored in a text file that the Web browser places on the user’s computer.
Next time the user visits the same Web site, the information of the cookie will be accessible by the pages from this Web site.
More About Cookies…
Cookies are not a virus; cookies are just text.
Cookies are not executables, and therefore cannot spread a virus.
Only one site can read the cookie it left on your computer.
This means that other sites cannot “steal” cookies left by different sites.
Types Of Cookies
Session Cookies – these are temporary and are erased when we close our browser at the end of our session.
Persistent Cookies - these remain on our hard drive until we erase them or they expire.
Example Cookie Use
Web Site Acme.com wants to track the number of unique visitors who access its site.
If Acme.com checks the HTTP server logs, it can determine the number of “hits”, but cannot determine the number of unique visitors.
That’s because HTTP is stateless. It retains no memory regarding individual users.
Cookies provide a mechanism to solve this problem.
Tracking Unique Visitors
Step 1: Person A requests home page for acme.com
Step 2: Acme.com Web Server generates a new unique ID.
Step 3: Server returns home page plus a cookie set to the unique ID.
Step 4: Each time Person A returns to acme.com, the browser automatically sends the cookie along with the GET request.
Cookie Conversation
Cookie Notes
Cookies cannot be larger than 4 KB.
No domain (e.g. netscape.com, microsoft.com) can have more than 20 cookies.
Cookies stay on your machine until:
they automatically expire
they are explicitly deleted
Cookies work the same on all browsers. No cross-browser problems here!
Why use Cookies?
Tracking unique visitors
Creating personalized web sites
Shopping Carts
Tracking users across your site:
e.g. do users that visit your sports news page also visit your sports store?
Cookies for Everyone?
Clients can disable cookies in their browser.
Some appliances, e.g. cell phones, cannot accept cookies at all.
Cookie Anatomy
Version 0 specifies six cookie parts:
Name
Value
Domain
Path
Expires
Secure
Cookie Parts: Name/Value
Name
Name of your cookie (Required)
Cannot contain white spaces, semicolons or commas.
Value
Value of your cookie (Required)
Cannot contain white spaces, semicolons or commas.
Cookie Parts: Domain
Only pages from the domain which created a cookie are allowed to read the cookie.
For example, amazon.com cannot read yahoo.com’s cookies (imagine the security flaws if this were otherwise!)
By default, the domain is set to the full domain of the web server that served the web page.
For example, myserver.mydomain.com would automatically set the domain to .myserver.mydomain.com
Note that domains are always prepended with a dot.
This is a security precaution: all domains must have at least two periods.
You can, however, set a higher-level domain.
For example, myserver.mydomain.com can set the domain to .mydomain.com. This way hisserver.mydomain.com and herserver.mydomain.com can both access the same cookies.
No matter what, you cannot set a domain other than your own.
Cookie Parts: Path
Restricts cookie usage within the site.
By default, the path is set to the path of the page that created the cookie.
Example: the user requests a page from mymall/storea. By default, the cookie will only be returned to pages at or under /storea.
If you specify the path as /, the cookie will be returned to all pages (a common practice).
Cookie Parts: Expires
Specifies when the cookie will expire.
Specified in Greenwich Mean Time (GMT):
Wdy DD-Mon-YY HH:MM:SS GMT
If you leave this value blank, the browser will delete the cookie when the user exits the browser.
This is known as a session cookie, as opposed to a persistent cookie.
Cookie Parts: Secure
The secure flag is designed to keep cookies from travelling in the clear while in transit.
A secure cookie will only be sent over a secure (encrypted) connection.
In other words, if a cookie is set to secure and you only connect via a non-secure connection, the cookie will not be sent.
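As an added example (not from the slides or the attached PPT), the following Python code ties together the six Version 0 parts above and the "Tracking Unique Visitors" steps: it parses a Set-Cookie header with the slides' defaults (domain = serving host, path = page directory, a foreign or top-level domain is refused) and then decides which stored cookies a browser would return on a later GET, applying the domain, path, expires and secure rules. The Netscape expiry layout `Wdy, DD-Mon-YYYY HH:MM:SS GMT` and all host and cookie values are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass
class Cookie:            # the six Version 0 parts listed on the slides
    name: str
    value: str
    domain: str          # stored without the leading dot, e.g. "mydomain.com"
    path: str
    expires: datetime    # None for a session cookie
    secure: bool

def parse_set_cookie(header, host, page_path):
    """Parse a Set-Cookie header sent by `host` for the page at `page_path`.
    Defaults follow the slides (domain = serving host, path = page directory);
    returns None when the server tries to set a domain that is not its own."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs, secure = {}, False
    for p in parts[1:]:
        if p.lower() == "secure":
            secure = True
        else:
            k, _, v = p.partition("=")
            attrs[k.strip().lower()] = v.strip()
    domain = attrs.get("domain", host).lower().lstrip(".")
    # ".mydomain.com" is allowed (two periods); ".com" or a foreign domain is not
    if "." not in domain or not (host == domain or host.endswith("." + domain)):
        return None
    path = attrs.get("path") or (page_path.rsplit("/", 1)[0] or "/")
    expires = None
    if "expires" in attrs:  # assumed layout: Wdy, DD-Mon-YYYY HH:MM:SS GMT
        expires = datetime.strptime(attrs["expires"], "%a, %d-%b-%Y %H:%M:%S GMT")
        expires = expires.replace(tzinfo=timezone.utc)
    return Cookie(name.strip(), value.strip(), domain, path, expires, secure)

def cookie_header(jar, scheme, host, path, now=None):
    """Build the Cookie request header a browser attaches to a GET (step 4)."""
    now, sent = now or datetime.now(timezone.utc), []
    for c in jar:
        if c.expires is not None and c.expires <= now:
            continue                                   # expired
        if c.secure and scheme != "https":
            continue                                   # Secure flag: HTTPS only
        if not (host == c.domain or host.endswith("." + c.domain)):
            continue                                   # another site's cookie
        if not (path == c.path or path.startswith(c.path.rstrip("/") + "/")):
            continue                                   # outside the cookie's path
        sent.append(f"{c.name}={c.value}")
    return "; ".join(sent)
```

Feeding a Set-Cookie header for `.other.com` from `myserver.mydomain.com` returns None, and a Secure cookie is dropped from the header whenever the scheme is plain http.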
Real-Time Applications
To collect demographic information about who is visiting the Web site.
To personalize the user's experience on the Web site.
To monitor advertisements.
Problems With Cookies
People often share machines.
Cookies get erased.
Users work from multiple machines.