A Little Bit About Cookies
Instructor: Joseph DiVerdi, Ph.D., M.B.A.
Fort Collins, CO
Copyright © XTR Systems, LLC
A Very Simple Transaction
Simple Transaction w/ Image
(Infamous) Cookies
• Introduced by Netscape in Navigator v2.0
• Original purpose was to enable a server to track a browser through multiple HTTP requests
  – Necessary for applications, e.g., shopping cart
  – Allows storage of a user’s preferences in cookie
• Intended to improve privacy
  – Removed the requirement for the server to request and store personal information in a central data bank
Cookie Issues
• Rule of unintended consequences
• Initial implementation allowed any site to request all cookies from a browser, thereby revealing (lots of) personal information
• Quick change to browser to permit delivery of cookies only to the particular server (identified by domain) that issued them
More Cookie Issues
• Web developers (webmasters?) soon realized that cookies could be “attached” to files other than HTML, e.g., GIF. Combining this capability with the delivery of banner images from advertising companies allowed those advertisers continued access to detailed tracking information
• Advertisers claim that such tracking permits interest-targeted delivery and reduction of repetitious display
• There is an opportunity for abuse
Server-Client Interaction
• First Step:
  – Server Sends Set-Cookie Header to Client

    HTTP/1.0 200 OK
    Date: Fri, 04 Oct 1996 14:31:51 GMT
    Server: hypothetical.ora.com
    Set-Cookie: account=04382374
    Set-Cookie: userid=woody
    Content-Type: text/html
    Content-Length: 1023

    <title>Sample Home Page</title>

  – Client Saves Cookie in Cookie Jar
Server-Client Interaction
• Second Step
  – In a Future Connection
    • Client Recognizes Server's URL
    • Appends Cookie Header

    GET /index.html HTTP/1.0
    Connection: Keep-Alive
    Host: hypothetical.ora.com
    Accept: image/gif, image/jpeg, */*
    Cookie: account=04382374
    Cookie: userid=woody
Cookie Parameters
– Name
  • Name given to cookie
– Value
  • Value assigned to cookie
– Domain
  • Browser only returns cookie to URLs in this domain
– Expires
  • Cookie will not be returned after this date
– Path
  • Browser only returns cookie to URLs below this path
– Secure
  • Browser only returns cookie over the https protocol
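
The return rules in the parameter list above, as an added example that is not part of the original slides: a small jar that decides which cookies go into the Cookie header for a given URL. The `Cookie` class, the function names and the sample jar are illustrative and constructed; the pairs are joined into a single `Cookie` header, as current browsers do.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional
from urllib.parse import urlsplit

@dataclass
class Cookie:
    name: str
    value: str
    domain: str                         # Domain parameter
    path: str = "/"                     # Path parameter
    expires: Optional[datetime] = None  # None means a session cookie
    secure: bool = False                # Secure parameter

def domain_matches(host, domain):
    # The host itself or a subdomain of it; a look-alike suffix must not match.
    host, domain = host.lower(), domain.lower().lstrip(".")
    return host == domain or host.endswith("." + domain)

def path_matches(request_path, cookie_path):
    # Compare whole path segments so "/shop" does not match "/shopping".
    if cookie_path == "/" or request_path == cookie_path:
        return True
    return request_path.startswith(cookie_path.rstrip("/") + "/")

def cookie_header(jar, url, now):
    """Value of the Cookie header a browser would attach to a request for url."""
    u = urlsplit(url)
    host, path = u.hostname or "", u.path or "/"
    pairs = [
        f"{c.name}={c.value}" for c in jar
        if domain_matches(host, c.domain)
        and path_matches(path, c.path)
        and (c.expires is None or c.expires > now)
        and (not c.secure or u.scheme == "https")
    ]
    return "; ".join(pairs)

# Constructed sample jar, reusing the names from the Set-Cookie slide.
NOW = datetime(1996, 10, 4, 14, 31, 51, tzinfo=timezone.utc)
JAR = [
    Cookie("account", "04382374", "hypothetical.ora.com", secure=True),
    Cookie("userid", "woody", "hypothetical.ora.com"),
    Cookie("cart", "3", "hypothetical.ora.com", path="/shop"),
    Cookie("promo", "x", "hypothetical.ora.com",
           expires=datetime(1996, 1, 1, tzinfo=timezone.utc)),
]
```

Over plain http only `userid` is returned: `account` is held back by Secure, `cart` by Path and `promo` by Expires.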
Cookie File Structure
| Domain | Expire | Path | Secure | Expiration | Vendor Specific Fields |
|---|---|---|---|---|---|
| hotwired.lycos.com | FALSE | /webmonkey/99/09 | FALSE | 970380000 | Lycos_Webographics Sampled |
| www.macfixit.com | FALSE | /cgi-bin/ultimate | FALSE | 968113043 | lastLogin 2451426.2017 |
| www.macfixit.com | FALSE | /cgi-bin/ultimate | FALSE | 968113043 | LastLoginDT 09-04-1999%2008%3A17%20PM |
| www.admission.com | FALSE | /html | FALSE | 972187149 | admission EN%26US |
| .netscape.com | TRUE | / | FALSE | 1293840002 | UIDC 199.45.180.157:0912144896:401606 |
| .adobe.com | TRUE | / | FALSE | 1924905604 | AWID 199.45.180.157:10771:912192070:677 |
| www.direct-jobs.com | FALSE | / | FALSE | 2137622378 | CFTOKEN 11642676 |
| www.direct-jobs.com | FALSE | / | FALSE | 2137622379 | CFID 122728 |
| www.damark.com | FALSE | / | FALSE | 2145830703 | ST_USER 0913838850898991 |
| .imgis.com | TRUE | / | FALSE | 1074483659 | JEB2 8F799D77DAA0A516CEA8F4B23004E025 |
| .zdnet.com | TRUE | / | FALSE | 1041310803 | cgversion 4 |
| .zdnet.com | TRUE | / | FALSE | 1041310806 | browserCEA8F4B2383B0D81 |
| .yahoo.com | TRUE | / | FALSE | 1271361603 | B 8vl686iata7fn |
| .ngadcenter.net | TRUE | / | FALSE | 2145801606 | NGID 2061691f-20905-917899077-5 |
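
A parser and audit pass for the file layout shown above, as an added example that is not part of the original slides. It reads the second column as the Netscape cookie file's flag for "every host in the domain may read this cookie" (the slide labels that column "Expire"); the function names, the findings wording and the 365-day threshold are assumptions of this example.

```python
from datetime import datetime, timezone

FIELDS = ("domain", "all_hosts", "path", "secure", "expires", "name", "value")

# Four rows copied from the slide (whitespace-separated here; real files use tabs).
SAMPLE = """\
www.macfixit.com FALSE /cgi-bin/ultimate FALSE 968113043 lastLogin 2451426.2017
.netscape.com TRUE / FALSE 1293840002 UIDC 199.45.180.157:0912144896:401606
.zdnet.com TRUE / FALSE 1041310803 cgversion 4
.ngadcenter.net TRUE / FALSE 2145801606 NGID 2061691f-20905-917899077-5
"""

def parse_cookie_file(text):
    """Parse cookie file rows into dicts; skip comments, blanks and short rows."""
    cookies = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split(None, 6)
        if len(parts) < 6:
            continue                      # malformed row
        parts += [""] * (7 - len(parts))  # the value may be empty
        c = dict(zip(FIELDS, parts))
        c["all_hosts"] = c["all_hosts"] == "TRUE"
        c["secure"] = c["secure"] == "TRUE"
        # The expiration column is seconds since the Unix epoch.
        c["expires"] = datetime.fromtimestamp(int(c["expires"]), tz=timezone.utc)
        cookies.append(c)
    return cookies

def audit(cookies, issued, max_days=365):
    """Return (domain, name, findings) for cookies that deserve a closer look."""
    report = []
    for c in cookies:
        findings = []
        if not c["secure"]:
            findings.append("sent over plain http")
        if c["all_hosts"]:
            findings.append("returned to every host in domain")
        if (c["expires"] - issued).days > max_days:
            findings.append("lifetime over %d days" % max_days)
        if findings:
            report.append((c["domain"], c["name"], findings))
    return report
```

Calling `audit(parse_cookie_file(SAMPLE), issued)` with a timezone-aware `issued` date lists each cookie with the reasons it was flagged; every row on the slide has Secure set to FALSE, so all of them appear.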