COOKIE MANIPULATION:
A cookie is a
small file or text only string registered in the memory of a web browser, used
to identify a website user. Websites use cookies to authenticate users (e.g.
gmail.com) personalize data (e.g. my yahoo), to assist customers with online
sales or services (e.g e-bay.com) or merely for collecting statistical and
demographic data (e.g. doubleclick.com).
Cookies which are saved in the form of simple
text files can be deleted. If you delete a cookie while your browser is open,
it will be recreated when you close the browser; because all cookies are held
in the memory of your browser till you close the browser.
Browser can
be set to accept all, some or none of the incoming cookies or can be set to
warm before accepting it. Many sites uses cookies to implement access control
schemes of various sorts e.g. a subscription site that requires a user name and
password might pass a cookie back to your browser the first time you log in;
then it will give you access to restricted pages, once your browser passes
valid cookie.
This may
vulnerable to exploitation, here, hacker
could use a packet sniffer to intercept the cookies as it passes from your
browser to the server and then use it to obtain free access to the site.
6 PARAMETERS IN A COOKIE:
i)
Name
of the cookie;
ii)
The
value of the cookie;
iii)
Expiration
date of the cookie;
iv)
The
path valid for the cookie;
v)
The
domain valid for cookie;
vi)
A
secure connection to use the cookie.
Out of these 6 parameters two are
compulsory (i.e. its name and its value). The semicolon; separates each
parameter when it is set explicitly.
1) NAME VALUE:
The
name and the value of the cookie can be set by pairing them together e.g. Name
= Sanya.
2) EXPIRES:
This
parameter allows you to set the lifetime of the cookie. If it is not set
clearly or not set at all; then by default the expiry gets set to the end of
the session.
3) PATH:
This
is most useful parameter out of the four optional settings. This parameter
establishes the URL path within which the cookie remains valid.
4) DOMAIN:
This
parameter extends the path parameter a little. If a site uses multiple servers
for one domain, here it becomes important to specify the domain parameter in
such a way so as to make the cookie accessible to any of the pages of these
multiple servers e.g. domain=www.cyber_security.net.
It is possible to assign cookies to
either an individual machine or to an entire Internet Domain. To set a cookie
for a domain, the server should be a member of that domain. If a domain
parameter is not set explicitly then by default the full domain of the document
that has created the cookies is taken.
5) SECURE:
This
parameters indicates that a cookie with this parameter should only be used
under secure condition e.g. SSL (Secure Socket Layer).
No comments:
Post a Comment