Non User
Index: > A B C D E F G H I J K L M N O P Q R S T U V W X Y Z	Business Non User Industries Finance Tax

Home > HTTP cookie

1 Purpose

Cookies can contain any arbitrary information the server chooses and are used to maintain state between otherwise stateless HTTP transactions. Typically this is used to authenticate or identify a registered user of a web site as part of their first login process or initial site registration without requiring them to sign in again every time they access that site. Other uses are maintaining a "shopping basket" of goods selected for purchase during a session at a site, site personalisation (presenting different pages to different users), and tracking a particular user's access to a site.

2 Permission

A browser may or may not allow the use of cookies. The user can usually choose a setting.

2.1 Microsoft Internet Explorer

Tools > Internet Options > Privacy Tab

• Use slider to set options, or use advanced options

2.2 Mozilla Firefox

Tools > Options > Privacy OR Edit > Preferences > Privacy

• Set options under Cookies
  • Exceptions allows per domain settings of block/allow
  • Stored Cookies opens a cookie management window, showing details of stored cookies, allowing them to be deleted or blocked

3 Permanence

A cookie often stays on the user's computer for use in the next session (though it can be erased by the user in between), but it can also be for use within a session and be erased at the end of the session.

4 Identification

If more than one browser is used on a computer, each has a separate storage area for cookies. Hence cookies do not identify a person, but a combination of a computer and a web browser. Thus, a single person who uses multiple browsers and/or computers will have a distinct set of cookies for each computer/browser combination. On the other hand, cookies do not differentiate between multiple users who share a computer and browser, unless they use different user accounts.

5 Opposition to cookies

Some people are opposed to the use of cookies on the Web. Below are some of their reasons.

5.1 Inaccurate identification

See above.

5.2 Privacy, anonymity and advertising

Cookies also have some important implications with respect to a user's privacy and anonymity on the web. One way is that some companies monitor users' visits to disparate web sites for marketing purposes. Some sites contain images called web bugs (that are transparent and only one pixel in size, so that they are not visible) that place cookies on all computers that access them. E-commerce websites can then read those cookies, find out what websites placed them, and send e-mail spam advertisements for products related to those websites.

Companies that use this system defend it as an effective way to give consumers access to products in which they are likely to be interested. If sites that place these tracking cookies are paid by the commercial operator, the revenue can allow them to place their content online at no cost to the creators.

6 Cookie theft and poisoning by cross site scriptingCross site scripting XSS is a type of computer security exploit where information from one context, where it is not trusted, can be inserted into another context, where it is. From the trusted context, an attack can be launched. A classic example of cross based attacks

Even if cookies are not dangerous per se, they contain information corresponding to a particular context : user, computer, web browser, and above all domain served by the web server from where it originated. Bypassing this context, i.e. having this information 'leak' out of this context is undesirable for the user, especially when the cookie data contains personal information. This bypassing in turn represents a valuable undertaking for an attacker. Cross site scriptingCross site scripting XSS is a type of computer security exploit where information from one context, where it is not trusted, can be inserted into another context, where it is. From the trusted context, an attack can be launched. A classic example of cross is the tool of choice to achieve this goal. Among the threats of cross site scriptingCross site scripting XSS is a type of computer security exploit where information from one context, where it is not trusted, can be inserted into another context, where it is. From the trusted context, an attack can be launched. A classic example of cross attacks, cookie theft and cookie poisoning present a risk to the user, in that they enable a transgression of the context and the trust it carries.

• cookie theft: gathering of the user's cookie, sent to the attacker's website. The attacker can then use the cookie information for session hijacking of the user's account on the trusted/affected website.
• cookie poisoning: bypassing the security mechanism of context based trust, the attacker can inject code resulting in a modification of the cookie content, hence making the attack persistent.

Politics	Business	Finance

Topics: HTTP Cookie Cookies Site Web User Browser Information Session...

---

HTTPHTTP (for HyperText Transfer Protocol is the primary method used to convey information on the World Wide Web. The original purpose was to provide a way to publish and receive HTML pages. Development of HTTP was co-ordinated by the World Wide Web Consortiu HTTPSHTTPS is the secure version of HTTP, the communication protocol of the World Wide Web. It was invented by Netscape Communications Corporation to provide authentication and encrypted communication and is used in electronic commerce. Instead of using plain HTTP cookieAn HTTP cookie (usually called simply a cookie is a packet of information sent by a server to a World Wide Web browser and then sent back by the browser each time it accesses that server. They were invented by Lou Montulli, a former employee of Netscape C HTTP(P2P)HTTP(P2P is a protocol based on HTTP created to generate interest in developing peer based solutions to flash crowds (the Slashdot effect & ). External link .