A Little Bit About CookiesFort Collins, CO

Copyright © XTR Systems, LLC

A Little BitAbout Cookies

Instructor: Joseph DiVerdi, Ph.D., M.B.A.

A Little Bit About CookiesFort Collins, CO

Copyright © XTR Systems, LLC

A Very Simple Transaction

A Little Bit About CookiesFort Collins, CO

Copyright © XTR Systems, LLC

Simple Transaction w/ Image

A Little Bit About CookiesFort Collins, CO

Copyright © XTR Systems, LLC

(Infamous) Cookies

• Introduced by Netscape in Navigator v2.0• Original purpose was to enable a server to

track a browser through multiple HTTP requests– Necessary for applications, e.g., shopping cart– Allows storage of a user’s preferences in cookie

• Intended to improve privacy– Removed the requirement for the server to

request and store personal information in a central data bank

A Little Bit About CookiesFort Collins, CO

Copyright © XTR Systems, LLC

Cookie Issues

• Rule of unintended consequences• Initial implementation allowed any site to

request all cookies from a browser thereby revealing (lots of) personal information

• Quick change to browser to permit delivery of cookies to a particular server (identified by domain) that were issued by that server

A Little Bit About CookiesFort Collins, CO

Copyright © XTR Systems, LLC

More Cookie Issues

• Web developers (webmasters?) soon realized that cookies could be “attached” to files other than HTML, e.g., GIF. Combining this capability with the delivery of banner images from advertising companies allowed those advertisers continued access to detailed tracking information

• Advertisers claim that such tracking permits interested-targeted delivery and reduction of repetitious display

• There is an opportunity for abuse

A Little Bit About CookiesFort Collins, CO

Copyright © XTR Systems, LLC

Server-Client Interaction

• First Step:– Server Sends Set-Cookie Header to Client

HTTP/1.0 200 OK

Date: Fri 04 Oct 1996 14:31:51 GMT

Server: hypothetical.ora.com

Set-Cookie: account=04382374

Set-Cookie: userid=woody

Content-Type: text/html

Content-Length: 1023

<title>Sample Home Page</title>

– Client Saves Cookie in Cookie Jar

A Little Bit About CookiesFort Collins, CO

Copyright © XTR Systems, LLC

Server-Client Interaction

• Second Step– In a Future Connection

• Client Recognizes Server's URL• Appends Cookie Header

GET /index.html

Connection: Keep-Alive

Host: hypothetical.ora.com

Accept: image/gif, image/jpeg, */*

Cookie: account=04382374

Cookie: userid=woody

A Little Bit About CookiesFort Collins, CO

Copyright © XTR Systems, LLC

Cookie Parameters

– Name• Name given to cookie

– Value• Value assigned to cookie

– Domain• Browser only returns cookie to URLs in this domain

– Expires• Cookie will not be returned after this date

– Path• Browser only returns cookie to URLs below this path

– Secure• Browser only return cookie using https protocol

A Little Bit About CookiesFort Collins, CO

Copyright © XTR Systems, LLC

Cookie File Structure

Domain Expire Path Secure Expiration Vendor Specific Fields

hotwired.lycos.com FALSE /webmonkey/99/09 FALSE 970380000 Lycos_Webographics Sampledwww.macfixit.com FALSE /cgi-bin/ultimate FALSE 968113043 lastLogin 2451426.2017www.macfixit.com FALSE /cgi-bin/ultimate FALSE 968113043 LastLoginDT 09-04-1999%2008%3A17%20PMwww.admission.com FALSE /html FALSE 972187149 admission EN%26US.netscape.com TRUE / FALSE 1293840002 UIDC 199.45.180.157:0912144896:401606.adobe.com TRUE / FALSE 1924905604 AWID 199.45.180.157:10771:912192070:677www.direct-jobs.com FALSE / FALSE 2137622378 CFTOKEN 11642676www.direct-jobs.com FALSE / FALSE 2137622379 CFID 122728www.damark.com FALSE / FALSE 2145830703 ST_USER 0913838850898991.imgis.com TRUE / FALSE 1074483659 JEB2 8F799D77DAA0A516CEA8F4B23004E025.zdnet.com TRUE / FALSE 1041310803 cgversion 4.zdnet.com TRUE / FALSE 1041310806 browserCEA8F4B2383B0D81.yahoo.com TRUE / FALSE 1271361603 B 8vl686iata7fn.ngadcenter.net TRUE / FALSE 2145801606 NGID 2061691f-20905-917899077-5