cookies and sessions
play

Cookies and Sessions Thierry Security assumptions You have - PowerPoint PPT Presentation

Feb 03, 2023 •647 likes •783 views

Cookies and Sessions Thierry Security assumptions You have absolutely no control on the client Client Side Server Side Web Server Database Web Browser Cookies The big picture key/value pairs data Client Side Server Side HTTP request

  1. Cookies and Sessions Thierry

  2. Security assumptions You have absolutely no control on the client Client Side Server Side Web Server Database Web Browser

  3. Cookies

  4. The big picture key/value pairs data Client Side Server Side HTTP request HTTP response HTTP request HTTP response Web Browser Web Server

  5. Cookies Cookies are key/value pairs sent back and forth between the browser and the server in HTTP request and response

  6. Anatomy of a Cookie • Text data (Up to 4kb) • May (or may not) have an expiration date • Can be manipulated from the client and the server

  7. Manipulating cookies A cookie can be modified (without any cookie flag set) • on the server side express middleware : cookie • on the client side javascript : Document.cookie

  8. What cookies are useful for? • Shopping cart • Browsing preferences • User authentication • Tracking and advertisement

  9. Sessions

  10. The big picture session id Client Side Server Side HTTP request HTTP response HTTP request HTTP response Web Browser Web Server key/value pairs data

  11. The concept of session • There is a session id (aka token) between the browser and the web application • This session id should be unique and unforgeable (usually a long random number or a hash) • This session id is bind to key/value pairs data

  12. Where sessions values are stored • Session ID is stored in a cookie • Session key/value pairs are stored on the server

  13. Hacking sessions The user can create, modify, delete the session ID in the cookie But cannot access the key/value pairs stored on the server

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Java Programming Unit 15 HTTP Sessions and cookies Java

Java Programming Unit 15 HTTP Sessions and cookies Java

Java Programming Unit 15 HTTP Sessions and cookies Java Server Pages (c) Yakov Fain 2014 Synchronous and Asynchronous Servlets Java Servlets run

1.41k views • 32 slides
Objectives Review Servlets Deployment Configuration Sessions, Cookies Handling

Objectives Review Servlets Deployment Configuration Sessions, Cookies Handling

Objectives Review Servlets Deployment Configuration Sessions, Cookies Handling multiple requests Apr 29, 2019 Sprenkle - CS335 1 Servlets Review What application do we need to execute servlets? What class do all web

330 views • 29 slides
Cookies Cookies HTTP is stateless To "remember" a user we use cookies In a

Cookies Cookies HTTP is stateless To "remember" a user we use cookies In a

Cookies Cookies HTTP is stateless To "remember" a user we use cookies In a response header, we can give the user information as a cookie All subsequent requests will contain these cookies in a header Since cookies work

475 views • 10 slides
Chapter 12 COOKIES AND SESSIONS INTRO Unlike the unified single process that is the typical

Chapter 12 COOKIES AND SESSIONS INTRO Unlike the unified single process that is the typical

Chapter 12 COOKIES AND SESSIONS INTRO Unlike the unified single process that is the typical desktop application, a web application consists of a series of disconnected HTTP requests to a web server where each request for a server page is

660 views • 45 slides
CSE 154 LECTURE 22: SESSIONS Expiration / persistent cookies setcookie("name",

CSE 154 LECTURE 22: SESSIONS Expiration / persistent cookies setcookie("name",

CSE 154 LECTURE 22: SESSIONS Expiration / persistent cookies setcookie("name", "value", expiration); PHP $expireTime = time() + 60*60*24*7; # 1 week from now setcookie("CouponNumber", "389752",

308 views • 10 slides
Stealing Web Browser Cookies ben-holland.com Whats a cookie? Web 2.0 Cookies provide

Stealing Web Browser Cookies ben-holland.com Whats a cookie? Web 2.0 Cookies provide

Stealing Web Browser Cookies ben-holland.com Whats a cookie? Web 2.0 Cookies provide state Examples: Items in shopping cart AuthenFcaFon! Cookies Passwords! Username + Password = Cookie If I know your authenFcaFon

712 views • 7 slides
Mount Eliza Secondary College Steiner Stream 20 sessions 10 8 sessions 6 sessions 4 sessions

Mount Eliza Secondary College Steiner Stream 20 sessions 10 8 sessions 6 sessions 4 sessions

Mount Eliza Secondary College Steiner Stream 20 sessions 10 8 sessions 6 sessions 4 sessions 2 sessions sessions Main lesson: Maths Ideea Lab Arts Indonesian Health and English electives: Physical education Humanities Performing

3.3k views • 11 slides
COOKIES How can apps maintain user state? Cookies! small bits of data downloaded to your

COOKIES How can apps maintain user state? Cookies! small bits of data downloaded to your

CS 498RK FALL 2017 COOKIES How can apps maintain user state? Cookies! small bits of data downloaded to your computer so that a site can remember you and what you did on subsequent visits Browser Server first request http:/

475 views • 23 slides
PEXit PRIVACY and COOKIES POLICY This PRIVACY and COOKIES POLICY conveys how PEXit collects, uses,

PEXit PRIVACY and COOKIES POLICY This PRIVACY and COOKIES POLICY conveys how PEXit collects, uses,

PEXit PRIVACY and COOKIES POLICY This PRIVACY and COOKIES POLICY conveys how PEXit collects, uses, shares, stores and manages your information. We have built our business based on (a) our integrity, (b) our sincere effort to meet your

206 views • 3 slides
IT350 Web and Internet Programming Cookies: JavaScript and Perl (Some from Chapter 11.9 -4 th

IT350 Web and Internet Programming Cookies: JavaScript and Perl (Some from Chapter 11.9 -4 th

IT350 Web and Internet Programming Cookies: JavaScript and Perl (Some from Chapter 11.9 -4 th edition and online Perl Chapter of textbook) Cookies Example 1 JavaScript: Using Cookies Cookie Data stored on _____________ to maintain

263 views • 9 slides
Should Internet Cookies Be Further Regulated by the Government? Research Presentation by

Should Internet Cookies Be Further Regulated by the Government? Research Presentation by

Should Internet Cookies Be Further Regulated by the Government? Research Presentation by Kaitlin Burdick Overview Background Arguments For the Regulation of Cookies Arguments Against the Regulation of Cookies Conclusion

319 views • 13 slides
SY306 Web and Databases for Cyber Operations Slide Set # 8: Cookies and Web tracking Some from

SY306 Web and Databases for Cyber Operations Slide Set # 8: Cookies and Web tracking Some from

SY306 Web and Databases for Cyber Operations Slide Set # 8: Cookies and Web tracking Some from https://www.httpwatch.com/httpgallery/cookies/ and https://www.httpwatch.com/httpgallery/headers/ HTTP client-server interaction review 1 Cookies

181 views • 4 slides
Cookies & Milk ...Soda? Matthew Lau Professor Imielinski March 28, 2017 Data 101 WALMART

Cookies & Milk ...Soda? Matthew Lau Professor Imielinski March 28, 2017 Data 101 WALMART

EAT COOKIES Cookies & Milk ...Soda? Matthew Lau Professor Imielinski March 28, 2017 Data 101 WALMART Assignment You might think Cookies and Milk are bought together... You would be wrong. There are no specific associations between

660 views • 9 slides
Chapter 12 Stoichiometry 1 Section 12.1 The Arithmetic of Equations 2 Cookies and

Chapter 12 Stoichiometry 1 Section 12.1 The Arithmetic of Equations 2 Cookies and

Chapter 12 Stoichiometry 1 Section 12.1 The Arithmetic of Equations 2 Cookies and ChemistryHuh!?!? Just like chocolate chip cookies have recipes, chemists have recipes as well Instead of calling them recipes, we call them reaction

677 views • 41 slides
IT350 Web and Internet Programming Cookies: JavaScript and Perl (Some from Chapter 11.9 -4 th

IT350 Web and Internet Programming Cookies: JavaScript and Perl (Some from Chapter 11.9 -4 th

IT350 Web and Internet Programming Cookies: JavaScript and Perl (Some from Chapter 11.9 -4 th edition and online Perl Chapter of textbook) JavaScript: Using Cookies Cookie Data stored on _____________ to maintain information about client

342 views • 8 slides
Cookies: JavaScript and Perl (Some from Chapter 11.9 and online Perl Chapter of textbook) 11.9

Cookies: JavaScript and Perl (Some from Chapter 11.9 and online Perl Chapter of textbook) 11.9

IT350 Web and Internet Programming Cookies: JavaScript and Perl (Some from Chapter 11.9 and online Perl Chapter of textbook) 11.9 JavaScript: Using Cookies Cookie Data stored on _____________ to maintain information about client during

765 views • 6 slides
Outline The web from a security perspective (contd) SQL injection CSci 5271 Announcements

Outline The web from a security perspective (contd) SQL injection CSci 5271 Announcements

Outline The web from a security perspective (contd) SQL injection CSci 5271 Announcements intermission Introduction to Computer Security Web security, combined slides Web authentication failures Cross-site scripting Stephen McCamant

333 views • 9 slides
Cookie Calculator Repetition Hans-Joachim Bckenhauer and Dennis Komm Digital Medicine I:

Cookie Calculator Repetition Hans-Joachim Bckenhauer and Dennis Komm Digital Medicine I:

Cookie Calculator Repetition Hans-Joachim Bckenhauer and Dennis Komm Digital Medicine I: Introduction to Programming Local variables, scopes, and complexity Autumn 2019 October 31, 2019 Example Cookie Calculator Cookie Calculator

685 views • 13 slides
Web Application Security Attacks on the Web Attacker Web User Application Web Database Web

Web Application Security Attacks on the Web Attacker Web User Application Web Database Web

IN3210 Network Security Web Application Security Attacks on the Web Attacker Web User Application Web Database Web Server Application 2 The OWASP Foundation The Open Web Application Security Project (OWASP) is a 501(c)(3)

1.21k views • 60 slides
Neutral Net Neutrality Expressing User Preferences with Network Cookies Yiannis Yiakoumis,

Neutral Net Neutrality Expressing User Preferences with Network Cookies Yiannis Yiakoumis,

Neutral Net Neutrality Expressing User Preferences with Network Cookies Yiannis Yiakoumis, Sachin Katti, Nick McKeown Stanford University Who controls your network access? 2 Who controls your network access? 3 Who controls your network

767 views • 48 slides
Deemon: Detecting CSRF with Dynamic Analysis and Property Graphs G. Pellegrino , M. Johns, S.

Deemon: Detecting CSRF with Dynamic Analysis and Property Graphs G. Pellegrino , M. Johns, S.

Deemon: Detecting CSRF with Dynamic Analysis and Property Graphs G. Pellegrino , M. Johns, S. Koch, M. Backes, C. Rossow gpellegrino@cispa.saarland ACM CCS 2017 Nov 2 nd , Dallas, USA U WONT BELIEVE WHAT DIS CAT IS DOIN !!!1! <img

980 views • 16 slides
COOKIES Ho w ca n ap ps maintai n use r stat e ? Cookie s ! small bits of data downloaded to your

COOKIES Ho w ca n ap ps maintai n use r stat e ? Cookie s ! small bits of data downloaded to your

CS 498RK SPRING 2020 COOKIES Ho w ca n ap ps maintai n use r stat e ? Cookie s ! small bits of data downloaded to your computer so that a site can remember you and what you did on subsequent visits Bro w se r Serve r first request

340 views • 23 slides
Melting Pot of Origins: Compromising the Intermediary Web Services that Rehost Websites Takuya

Melting Pot of Origins: Compromising the Intermediary Web Services that Rehost Websites Takuya

Melting Pot of Origins: Compromising the Intermediary Web Services that Rehost Websites Takuya Watanabe, Eitaro Shioji, Mitsuaki Akiyama, Tatsuya Mori NTT Secure Platform Laboratories, Waseda University, NICT, RIKEN API NDSS Symposium 24 th

768 views • 46 slides
Security ty, P Privacy cy, & & Us User E Expect ectati tion ons: Case Studies in

Security ty, P Privacy cy, & & Us User E Expect ectati tion ons: Case Studies in

Security ty, P Privacy cy, & & Us User E Expect ectati tion ons: Case Studies in Web Tracking and Application Permissions Franzi ziska Roesner er Assistant Professor Computer Science & Engineering University of Washington

710 views • 52 slides

More recommend