Internet Cookies

Internet Cookies are small files having maximum 255 characters or less stored on client side or in browsers to store the some specific information about the user and help him to improve his internet surfing experience.

Cookies Syntax contain: 

Cookie_Name, Cookie_Value, Expiry, Path, Domain, Secure_Flag, HTTPonly_Flag

  • Path: Used to set cookie path on the server mostly "/" which means cookie is available throughout the domain.
  • Secure_Flag: Used to define that cookie should be sent over HTTPS only and if any HTTP request comes cookie should not be attached with that request.
  • HTTPonly_Flag: Used to make the cookies inaccessible bu JavaScript; So vulnerabilities like cross site scripting cannot be used to hijack cookies if any user.

Types of cookies:

1. Session Cookie: 
- Its a non-persistent cookie and lies in the temporary memory of the browser when user navigates to  any web application. 
- Do not have any expiration date
- Usually gets deleted once the user closes his browser.

2. Persistent Cookies: (Tracking Cookies)
- It is transmitted every time when a user visits any website for tracking the activity of any specific user.
- These cookies usually have a specific period of time and gets expired after the time is over.

3. Same-Site Cookies: (Introduced in 2016)
- These type of cookies can only be transmitted when request is originating from same origin as the host domain is.
- It was developed to make cookie based approaches safe from attacks like CSRF.
- Same-Site cookies can have two values set "Strict" or "Lax".

Note: "Lax" is set when cookies should be allowed to be sent when requested using GET request method by any third party website because GET requests do not cause a TOP LEVEL navigation or they do not change URL in your address bar.

4. Third Party Cookies: 
- These cookies are mostly used for advertisement purposes and are mostly blocked by modern browsers.
- When Cookie Domain parameter value is set something else other than the target domain.

5. Super Cookies:
- A cookies having an origin of top level domain (.com) whereas normal cookies have specific domain name like example.com.
- Can be accessible by app websites so they raise a potential security concern and are hence blocked by the browsers.

6. Zombie Cookie: 
- Cookies that are recreated itself after being deleted.
- This is achieved by storing cookies content in different locations like HTML5 web storage spaces, Flash local shared object memory




No comments:

Post a Comment