cookies cookies
play

Cookies Cookies HTTP is stateless To "remember" a user - PowerPoint PPT Presentation

Jul 28, 2023 •362 likes •475 views

Cookies Cookies HTTP is stateless To "remember" a user we use cookies In a response header, we can give the user information as a cookie All subsequent requests will contain these cookies in a header Since cookies work

  1. Cookies

  2. Cookies • HTTP is stateless • To "remember" a user we use cookies • In a response header, we can give the user information as a cookie • All subsequent requests will contain these cookies in a header • Since cookies work through headers: ASCII only

  3. Cookie Headers • Set-Cookie • Use this header in your response to tell a client to set a cookie • Cookie • The client will send all Cookies with each request using this header

  4. Set-Cookie • The Set-Cookie header is used by servers to tell the client to set a cookie • Cookies are sent as key-value pairs • Syntax: • <key>=<value> • Example: • Set-Cookie: id=X6kAwpgW29M • Set-Cookie: visits=4

  5. Cookie • Header used by clients to deliver all cookies that have been set • Syntax [Same as Set-Cookie]: • <key>=<value> • Multiple cookies separated by ; • Example: • Cookie: id=X6kAwpgW29M; visits=4

  6. Client-Side Cookies • The client can also set and change their cookies • Do not trust the value stored in a cookie • If a cookie is important for security • Verify its validity • Client can read/set cookies with JavaScript • So can attackers! • Access cookies with "document.cookie"

  7. Cookie H ij acking • Cookies are often used for authentication • Set a cookie at logon to remember that the user is authenticated • Prevents sending username/password with every request • What if someone steals your cookies? • They can authenticate as you without needing your password • They would have to get their JavaScript running in your browser

  8. Directives • Can add directives when setting a cookie • Separate directives with ; • Expires • The exact time when the cookie should be deleted • Must be in the format: • <day-name>, <day> <month> <year> <hour>:<minute>:<second> GMT • Set-Cookie: id=X6kAwpgW29M; Expires: Wed, 12 Feb 2020 13:42:32 GMT • Max-Age • Set the number of second before the cookie expires • Set-Cookie: id=X6kAwpgW29M; Max-Age: 3600 • If neither Expires nor Max-Age are set, the cookie will be deleted when the user ends the session

  9. Directives • Secure • Only send this cookie over HTTPS • HttpOnly • Don't let anyone read or set this cookie using JavaScript • Prevents hijackers from reading your cookies • Set-Cookie: id=X6kAwpgW29M; Secure; HttpOnly

  10. Directives • Path • Specify a prefix that the path must match for the cookie to be sent • Set-Cookie: id=X6kAwpgW29M; Path: /posts • Cookie is only sent when the requested path begins with /posts

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Stealing Web Browser Cookies ben-holland.com Whats a cookie? Web 2.0 Cookies provide

Stealing Web Browser Cookies ben-holland.com Whats a cookie? Web 2.0 Cookies provide

Stealing Web Browser Cookies ben-holland.com Whats a cookie? Web 2.0 Cookies provide state Examples: Items in shopping cart AuthenFcaFon! Cookies Passwords! Username + Password = Cookie If I know your authenFcaFon

712 views • 7 slides
COOKIES How can apps maintain user state? Cookies! small bits of data downloaded to your

COOKIES How can apps maintain user state? Cookies! small bits of data downloaded to your

CS 498RK FALL 2017 COOKIES How can apps maintain user state? Cookies! small bits of data downloaded to your computer so that a site can remember you and what you did on subsequent visits Browser Server first request http:/

475 views • 23 slides
PEXit PRIVACY and COOKIES POLICY This PRIVACY and COOKIES POLICY conveys how PEXit collects, uses,

PEXit PRIVACY and COOKIES POLICY This PRIVACY and COOKIES POLICY conveys how PEXit collects, uses,

PEXit PRIVACY and COOKIES POLICY This PRIVACY and COOKIES POLICY conveys how PEXit collects, uses, shares, stores and manages your information. We have built our business based on (a) our integrity, (b) our sincere effort to meet your

206 views • 3 slides
IT350 Web and Internet Programming Cookies: JavaScript and Perl (Some from Chapter 11.9 -4 th

IT350 Web and Internet Programming Cookies: JavaScript and Perl (Some from Chapter 11.9 -4 th

IT350 Web and Internet Programming Cookies: JavaScript and Perl (Some from Chapter 11.9 -4 th edition and online Perl Chapter of textbook) Cookies Example 1 JavaScript: Using Cookies Cookie Data stored on _____________ to maintain

263 views • 9 slides
Should Internet Cookies Be Further Regulated by the Government? Research Presentation by

Should Internet Cookies Be Further Regulated by the Government? Research Presentation by

Should Internet Cookies Be Further Regulated by the Government? Research Presentation by Kaitlin Burdick Overview Background Arguments For the Regulation of Cookies Arguments Against the Regulation of Cookies Conclusion

319 views • 13 slides
SY306 Web and Databases for Cyber Operations Slide Set # 8: Cookies and Web tracking Some from

SY306 Web and Databases for Cyber Operations Slide Set # 8: Cookies and Web tracking Some from

SY306 Web and Databases for Cyber Operations Slide Set # 8: Cookies and Web tracking Some from https://www.httpwatch.com/httpgallery/cookies/ and https://www.httpwatch.com/httpgallery/headers/ HTTP client-server interaction review 1 Cookies

181 views • 4 slides
Cookies &amp; Milk ...Soda? Matthew Lau Professor Imielinski March 28, 2017 Data 101 WALMART

Cookies &amp; Milk ...Soda? Matthew Lau Professor Imielinski March 28, 2017 Data 101 WALMART

EAT COOKIES Cookies &amp; Milk ...Soda? Matthew Lau Professor Imielinski March 28, 2017 Data 101 WALMART Assignment You might think Cookies and Milk are bought together... You would be wrong. There are no specific associations between

660 views • 9 slides
Chapter 12 Stoichiometry 1 Section 12.1 The Arithmetic of Equations 2 Cookies and

Chapter 12 Stoichiometry 1 Section 12.1 The Arithmetic of Equations 2 Cookies and

Chapter 12 Stoichiometry 1 Section 12.1 The Arithmetic of Equations 2 Cookies and ChemistryHuh!?!? Just like chocolate chip cookies have recipes, chemists have recipes as well Instead of calling them recipes, we call them reaction

677 views • 41 slides
IT350 Web and Internet Programming Cookies: JavaScript and Perl (Some from Chapter 11.9 -4 th

IT350 Web and Internet Programming Cookies: JavaScript and Perl (Some from Chapter 11.9 -4 th

IT350 Web and Internet Programming Cookies: JavaScript and Perl (Some from Chapter 11.9 -4 th edition and online Perl Chapter of textbook) JavaScript: Using Cookies Cookie Data stored on _____________ to maintain information about client

342 views • 8 slides
Cookies: JavaScript and Perl (Some from Chapter 11.9 and online Perl Chapter of textbook) 11.9

Cookies: JavaScript and Perl (Some from Chapter 11.9 and online Perl Chapter of textbook) 11.9

IT350 Web and Internet Programming Cookies: JavaScript and Perl (Some from Chapter 11.9 and online Perl Chapter of textbook) 11.9 JavaScript: Using Cookies Cookie Data stored on _____________ to maintain information about client during

765 views • 6 slides
I see a cookie banner Is it even legal? Nataliia Bielova and Cristiana Santos joint work with

I see a cookie banner Is it even legal? Nataliia Bielova and Cristiana Santos joint work with

This presentation contains cookies that will be stored in your memory to make sure you remember this presentation. By attending this presentation, you agree to the placement of these cookies. To learn more, read our Privacy Policy. I see a

512 views • 23 slides
SY306 Web and Databases for Cyber Operations Set #10: Cookies in JavaScript and Python

SY306 Web and Databases for Cyber Operations Set #10: Cookies in JavaScript and Python

SY306 Web and Databases for Cyber Operations Set #10: Cookies in JavaScript and Python https://www.w3schools.com/js/js_cookies.asp https://docs.python.org/3/library/http.cookies.html

138 views • 9 slides
Retroactively estimating system clock skew from stored web browser cookies Contents 1. Why? 2.

Retroactively estimating system clock skew from stored web browser cookies Contents 1. Why? 2.

Retroactively estimating system clock skew from stored web browser cookies Contents 1. Why? 2. Mechanism for deriving skew from cookies 3. Data &amp; data processing 4. Demonstration of algorithm Time. It matters. John is a suspect in a

470 views • 15 slides
Information Example

Information Example

IT350: Web &amp; Internet Programming Set 15: Cookies Information Example https://www.usna.edu/Users/cs/adina/teaching/it350/fall2016/solutions/cookies/info.html (info link on todays calendar) How does the second page know what you

302 views • 8 slides
Lecture 4: Session Tracking Cookies allow us to maintain state, but are somewhat clumsy to

Lecture 4: Session Tracking Cookies allow us to maintain state, but are somewhat clumsy to

Lecture 4: Session Tracking Cookies allow us to maintain state, but are somewhat clumsy to program To keep detailed state information we probably need many cookies and we must store a lot of information within them Each cookie is only

466 views • 33 slides
Cookie Protocol Server sets cookies in response header: Set-Cookie: session=0x4137f;

Cookie Protocol Server sets cookies in response header: Set-Cookie: session=0x4137f;

Cookie Protocol Server sets cookies in response header: Set-Cookie: session=0x4137f; Expires=Wed, 09 Jun 2012 10:18:14 GMT Name Value Expiration Time Browser returns cookies in headers of later requests: Cookie: session=0x4137fd6a CS

701 views • 4 slides
McTiny: Fast High-Confidence Post-Quantum Key Erasure for Tiny Network Servers Daniel J.

McTiny: Fast High-Confidence Post-Quantum Key Erasure for Tiny Network Servers Daniel J.

McTiny: Fast High-Confidence Post-Quantum Key Erasure for Tiny Network Servers Daniel J. Bernstein 1,2 and Tanja Lange 3 1 University of Illinois at Chicago 2 Ruhr University Bochum 3 Eindhoven University of Technology USENIX Security 2020

388 views • 19 slides
A8: Cross-site Request Forgery (CSRF) A8: Cross-site Request Forgery (CSRF) XSS Trick

A8: Cross-site Request Forgery (CSRF) A8: Cross-site Request Forgery (CSRF) XSS Trick

A8: Cross-site Request Forgery (CSRF) A8: Cross-site Request Forgery (CSRF) XSS Trick browser to execute code without user knowledge CSRF Trick browser to access sensitive pages without user knowledge CSRF Vulnerability Pattern

284 views • 11 slides
Nemesis: Preventing Web Authentication &amp; Access Control Vulnerabilities Michael Dalton ,

Nemesis: Preventing Web Authentication &amp; Access Control Vulnerabilities Michael Dalton ,

Nemesis: Preventing Web Authentication &amp; Access Control Vulnerabilities Michael Dalton , Christos Kozyrakis Stanford University Nickolai Zeldovich Massachusetts Institute of Technology Web Application Overview User: webdb User: httpd

446 views • 22 slides
Web client programming JavaScript/AJAX Web requests with JavaScript/AJAX Needed for

Web client programming JavaScript/AJAX Web requests with JavaScript/AJAX Needed for

Web client programming JavaScript/AJAX Web requests with JavaScript/AJAX Needed for reverse-engineering homework site Web request via jQuery JavaScript library jQuery.ajax({ 'type': 'GET', 'url': 'http://vulnerable/ajax.php',

335 views • 22 slides
Large Deviations and Slowdown Asymptotics of Excited Random Walks Jonathon Peterson Department

Large Deviations and Slowdown Asymptotics of Excited Random Walks Jonathon Peterson Department

LDP for Excited Random Walks Large Deviations and Slowdown Asymptotics of Excited Random Walks Jonathon Peterson Department of Mathematics Purdue University September 4, 2012 Jonathon Peterson 9/4/2012 1 / 13 LDP for Excited Random Walks

688 views • 32 slides
Chapter 12 COOKIES AND SESSIONS INTRO Unlike the unified single process that is the typical

Chapter 12 COOKIES AND SESSIONS INTRO Unlike the unified single process that is the typical

Chapter 12 COOKIES AND SESSIONS INTRO Unlike the unified single process that is the typical desktop application, a web application consists of a series of disconnected HTTP requests to a web server where each request for a server page is

660 views • 45 slides
Identifying and Preventing Conditions for Web Privacy Leakage Craig E. Wills Computer Science

Identifying and Preventing Conditions for Web Privacy Leakage Craig E. Wills Computer Science

Identifying and Preventing Conditions for Web Privacy Leakage Craig E. Wills Computer Science Department Worcester Polytechnic Institute Worcester, MA USA W3C Workshop on Web Tracking and User Privacy April, 2011 1 Its Not Just Tracking

474 views • 4 slides
CSE 510 Web Data Engineering Java Server Pages (JSPs) UB CSE 510 Web Data Engineering Java

CSE 510 Web Data Engineering Java Server Pages (JSPs) UB CSE 510 Web Data Engineering Java

CSE 510 Web Data Engineering Java Server Pages (JSPs) UB CSE 510 Web Data Engineering Java Server Pages: Embedding Java Code in Static Content 2 UB CSE 510 Web Data Engineering Why JSPs? Need to separate the business logic

439 views • 31 slides

More recommend