Cookie Flashcards
What is a cookie?
A cookie, also known as an HTTP cookie, web cookie, or browser cookie, is usually a small piece of data sent from a website and stored in a user’s web browser while a user is browsing a website.
Cookie was designed to be a reliable mechanism to remember the state of the website or activity the user had taken in the past.
Cookies are arbitrary pieces of data chosen by the Web server and sent to the browser. The browser returns them unchanged to the server.
What is a session cookie?
A user’s session cookie (also known as an in-memory cookie or transient cookie) for a website exists in temporary memory only while the user is reading and navigating the website. When an expiry date or validity interval is not set at cookie creation time, a session cookie is created. Web browsers normally delete session cookies when the user closes the browser.
What is a persistent cookie?
A persistent cookie will outlast user sessions. If a persistent cookie has its Max-Age set to 1 year, then, within the year, the initial value set in that cookie would be sent back to the server every time the user visited the server. This could be used to record a vital piece of information such as how the user initially came to this website. For this reason persistent cookies are also called tracking cookies.
What is a secure cookie?
A secure cookie has the secure attribute enabled and is only used via HTTPS, ensuring that the cookie is always encrypted when transmitting from client to server. This makes the cookie less likely to be exposed to cookie theft via eavesdropping.
What is an HTTPOnly cookie?
The HttpOnly cookie is supported by most modern browsers.[16][17] On a supported browser, an HttpOnly session cookie will be used only when transmitting HTTP (or HTTPS) requests, thus restricting access from other, non-HTTP APIs (such as JavaScript). This restriction mitigates but does not eliminate the threat of session cookie theft via cross-site scripting (XSS). This feature applies only to session-management cookies, and not other browser cookies.
What is a Third-party cookie?
First-party cookies are cookies set with the same domain (or its subdomain) as your browser’s address bar. Third-party cookies are cookies set with domains different from the one shown on the address bar. The web pages on the first domain may feature content from a third-party domain, e.g. a banner advert run by www.advexample.com. Privacy setting options in most modern browsers allow you to block third-party tracking cookies.
As an example, suppose a user visits www.example1.com, which includes an advert which sets a cookie with the domain ad.foxytracking.com. When the user later visits www.example2.com, another advert can set another cookie with the domain ad.foxytracking.com. Eventually, both of these cookies will be sent to the advertiser when loading their ads or visiting their website. The advertiser can then use these cookies to build up a browsing history of the user across all the websites this advertiser has footprints on.
What is a supercookie?
A “supercookie” is a cookie with a public suffix domain, like .com, .co.uk or k12.ca.us.[19]
Most browsers, by default, allow first-party cookies—a cookie with domain to be the same or sub-domain of the requesting host. For example, a user visiting www.example.com can have a cookie set with domain www.example.com or .example.com, but not .co.uk.[20] A supercookie with domain .com would be blocked by browsers; otherwise, a malicious website, like attacker.com, could set a supercookie with domain .com and potentially disrupt or impersonate legitimate user requests to example.com.
What is a zombie cookie?
Some cookies are automatically recreated after a user has deleted them; these are called zombie cookies. This is accomplished by a script storing the content of the cookie in some other locations, such as the local storage available to Flash content, HTML5 storages and other client side mechanisms, and then recreating the cookie from backup stores when the cookie’s absence is detected.
How do you manage session with cookie?
To manage session. Cookies may be used to maintain data related to the user during navigation, possibly across multiple visits. Cookies were introduced with shopping cart, a virtual device into which users can store items they want to purchase as they navigate throughout the site.
Name the uses of cookie.
To manage session, personalize and tracking
How do you use cookie to personalize?
Cookies may be used to remember the information about the user who has visited a website in order to show relevant content in the future. For example a web server may send a cookie containing the username last used to log in to a website so that it may be filled in for future visits.
How would you use cookie for tracking?
Tracking cookies may be used to track internet users’ web browsing. This can also be done in part by using the IP address of the computer requesting the page or the referrer field of the HTTP request header, but cookies allow for greater precision.
How are data stored in the cookie?
The data is stored in a cookie by name, value pair separated by semi-colon.
Besides the name–value pair, servers can also set these cookie attributes: a cookie domain, a path, expiration time or maximum age, Secure flag and HttpOnly flag. Browsers will not send cookie attributes back to the server. They will only send the cookie’s name-value pair.
How are cookie attribute used by the browser?
Cookie attributes are used by browsers to determine when to delete a cookie, block a cookie or whether to send a cookie (name-value pair) to the servers.
What are expires and Max-age?
The Expires directive tells the browser when to delete the cookie, indicating the exact date/time this cookie will expire. As an alternative to setting cookie expiration as an absolute date/time, RFC 6265 allows the use of the Max-Age attribute to set the cookie’s expiration as an interval of seconds in the future, relative to the time the browser received the cookie.
