• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
Cookies
 

Cookies

on

  • 1,888 views

 

Statistics

Views

Total Views
1,888
Views on SlideShare
1,887
Embed Views
1

Actions

Likes
0
Downloads
56
Comments
0

1 Embed 1

http://www.slideshare.net 1

Accessibility

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    Cookies Cookies Presentation Transcript

    • Web Cookies
    • Sources
      • Most of the content for this presentation came from these Web sites:
        • http://www.cookiecentral.com
        • http://www.techtv.com/screensavers/print/0,23102,3317313,00.html
        • http://www.techtv.com/screensavers/twistedlist/story/0,24330,3366496,00.html
    • Cookie Definition
      • Cookies are pieces of information generated by a Web server and stored in the user's computer, ready for future access.
      • Cookies are embedded in the HTML information flowing back and forth between the user's computer and the servers.
      • Cookies were implemented to allow user-side customization of Web information. For example, cookies are used to personalize Web search engines, to allow users to participate in WWW-wide contests (but only once!), and to store shopping lists of items a user has selected while browsing through a virtual shopping mall.
    • Definition (cont.)
      • Essentially, cookies make use of user-specific information transmitted by the Web server onto the user's computer so that the information might be available for later access by itself or other servers.
      • In most cases, not only does the storage of personal information into a cookie go unnoticed, so does access to it.
      • Web servers automatically gain access to relevant cookies whenever the user establishes a connection to them, usually in the form of Web requests.
    • Two Stage Process
      • First the cookie is stored in the user's computer without their consent or knowledge.
        • For example, with customizable Web search engines like My Yahoo!, a user selects categories of interest from the Web page. The Web server then creates a specific cookie, which is essentially a tagged string of text containing the user's preferences, and it transmits this cookie to the user's computer.
      • The user's Web browser, if cookie-savvy, receives the cookie and stores it in a special file called a cookie list.
        • This happens without any notification or user consent. As a result, personal information (in this case the user's category preferences) is formatted by the Web server, transmitted, and saved by the user's computer.
    • Two Stage Process (cont.)
      • During the second stage, the cookie is clandestinely and automatically transferred from the user's machine to a Web server.
      • Whenever a user directs her Web browser to display a certain Web page from the server, the browser will, without the user's knowledge, transmit the cookie containing personal information to the Web server.
    • Virus Danger?
      • A normal text based cookie cannot be of any danger to your computer or spread any viruses.
      • Whether or not other cookies can be dangerous or spread viruses has to do with whether or not a file is "executable," meaning if it's a program rather than data.
      • UNIX files, for instance, have some combination of the properties "readable," "writable" and "executable." The executable property is necessary to enable a program in a file to do something.
    • Virus Danger? (cont)
      • If a cookie is not stored in an executable format for that platform, it cannot do something hostile
      • In general Cookies are stored as text files and cannot be of danger or pass on viruses.
      • Basically cookies cannot harm your computer.
      • The general controversy is not what cookies can do to your computer, but what information they can store, and what they can pass on to servers, there is currently a new proposal to limit the features of the cookie protocol, which would give people a greater control over what cookies they can accept and from where.
    • Cookies – How They Work
      • The Internet is predominantly built on a technology called HTTP.
      • HTTP doesn't hold any notion of "state" between the browser and the server application.
      • Therefore, when writing applications for the Web, developers need to pass a token between the browser and the client.
      • This is how the "cookie" was born.
    • Cookies – How They Work (cont.)
      • Cookies come in two forms, persistent and nonpersistent.
        • Persistent cookies stay with your browser even after you've exited it. The next time you open your browser and access the website that placed the cookie on your browser, it will find the cookie still there.
        • Nonpersistent cookies, as their name suggests, do not stay around after you exit your browser.
    • Cookie Contents
      • The information stored in a cookie allows the browser to know which Web servers to send the cookie back to.
      • The cookie also includes the payload, as well as information about when the cookie is valid.
      • Normally, a site will encrypt the information contained in the cookie. When you ask a website to save your user name and password, it will either take those values and encrypt them before storing them on the file system or create an encrypted token that takes the place of your login. In many cases, when you examine the cookie information you'll notice a long string of characters that most probably doesn't make any sense to you.
    • Cookie Contents (cont.)
      • A TechTV.com cookie from that website:
      • .techtv.com TRUE / FALSE 1108418573 Visitor 80c59448.484ec627.216.200.223.239.1013810251524
      • The following slide has the different parts of the cookie and what they mean:
      • Domain (.techtv.com in this instance) The website that created the cookie, and the one that the Web browser will send it back to.
      • Flag (TRUE) A flag that tells the Web browser whether all the machines within TechTV.com or only specific ones can get the cookie.
      • Path (/) This is the URL's paths within TechTV.com that can receive the cookie. Setting / as the path tells the Web browser to send it to all requests to .techtv.com.
      • Secure (FALSE) Tells the Web browser that the cookie can be sent over HTTP instead of a secure HTTPS connection.
      • Expiration (1108418573) Number of seconds from January 1, 1970, when this cookie will expire.
      • Value (Visitor 80c59448.484ec627.216.200.223.239.1013810251524) This is the actual value that the TechTV.com Web server wants back when it receives the cookie. Just looking at it tells us that it's most likely using this to track repeat visitors. The site has assigned me a visitor number that it will use to look me up in some database of repeat visitors.
    • Cookie Contents (cont.)
      • Domain (.techtv.com in this instance) The website that created the cookie, and the one that the Web browser will send it back to.
      • Flag (TRUE) - A flag that tells the Web browser whether all the machines within TechTV.com or only specific ones can get the cookie.
      • Path (/) - his is the URL's paths within TechTV.com that can receive the cookie. Setting / as the path tells the Web browser to send it to all requests to .techtv.com.
    • Cookie Contents (cont.)
      • Secure (FALSE) - Tells the Web browser that the cookie can be sent over HTTP instead of a secure HTTPS connection.
      • Expiration (1108418573) - Number of seconds from January 1, 1970, when this cookie will expire.
      • Value (Visitor - 80c59448.484ec627.216.200.223.239.1013810251524)
        • This is the actual value that the TechTV.com Web server wants back when it receives the cookie. Just looking at it tells us that it's most likely using this to track repeat visitors. The site has assigned me a visitor number that it will use to look me up in some database of repeat visitors.
    • Managing Cookies
      • Use this link to examine the options below.
      • Strategies:
        • Manually delete cookies from your system
        • Set your browser's security to warn you about cookies
        • Download a cookie killer
        • Surf anonymously
        • Ignore them
    • Cookie Buster Programs
      • Burnt Cookies (for Internet Explorer on Windows platform).
      • Cookie Cruncher (Windows).
      • Cookie Crusher (Windows).
      • Cookie Cutter 1.0 (for Netscape on Macintosh platform). Direct download.
      • Cookie Jar (UNIX).
      • MagicCookie Monster (for Netscape on Macintosh platform).
      • Spy Blocker .
      http://www.epic.org/privacy/tools.html