cookies handout by wuyunqing


    Developed by Mosaic (Netscape) in 1994
    Designed to store user data on local machine
    Imposed basic limits on functionality – 300 max, 20 per server, 4 KB each
    Removed by site through CGI script
    Internet explosion of late 90’s; cookies prevail; online businesses benefit
    Communicate well with scripts and applets
    Ease of use and power lead to misuse

Origin of Misuse:
    Realized cookies could track buyer behavior
    By integrating with sites, cookies created behind users’ back
    Use image exploit to appear seemingly at random (Dot Image)

Types of Cookies:
    Three variations have emerged
    Session
    Persistent
    Tracking

What Makes up a cookie?:
   Name: identifies the cookie to the web server. A server might use more than one.
   Value: a text string that the server wants to have stored for potential later use if
     needed. A cookie value can be null for purposes of clearing/zeroing out.
   Expiration Date: the date indicating the end-of-lifetime for the cookie. If the
     expiration is not set, the default is end of session which generally means the end
     of the browser session, even if the browser ceases accessing the particular
     cookie's server before it (the browser) closes.
   Path: the Internet address the cookie is valid within. Pages outside the path can't
     use the cookie. If not specified then the path defaults to the address of the
     document creating the cookie.
   Domain: the Internet domain that is allowed to use the cookie. The server issuing
     the cookie must be a member of the domain it tries to set in the cookie.
   Security Indicator: a flag indicating if the cookie must be used only under secure
     server conditions.
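
As an added example (not part of the original handout), the JavaScript below parses a Set-Cookie header into the six fields just listed, classifies the cookie by its expiration, and flags a domain the issuing server does not belong to, a third-party origin, and a missing security indicator. The function names, the finding labels and the simplified third-party test are assumptions made for the illustration.

```javascript
// Added example. Hosts and headers passed to it are constructed by the caller.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = {
    name: eq < 0 ? "" : pair.slice(0, eq),
    value: pair.slice(eq + 1), // may be empty when the server clears the cookie
    expires: null, path: null, domain: null, secure: false,
  };
  for (const attr of attrs) {
    const i = attr.indexOf("=");
    const key = (i < 0 ? attr : attr.slice(0, i)).trim().toLowerCase();
    const val = i < 0 ? "" : attr.slice(i + 1).trim();
    if (key === "expires") {
      const d = new Date(val);
      if (!Number.isNaN(d.getTime())) cookie.expires = d; // ignore unparsable dates
    } else if (key === "path") cookie.path = val;
    else if (key === "domain") cookie.domain = val.replace(/^\./, "").toLowerCase();
    else if (key === "secure") cookie.secure = true;
  }
  return cookie;
}

// True when host equals domain or is a subdomain of it.
function hostInDomain(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase();
  return host === domain || host.endsWith("." + domain);
}

// requestHost: server that sent the header; pageHost: site the user is viewing.
function auditCookie(header, requestHost, pageHost, now = new Date()) {
  const cookie = parseSetCookie(header);
  let type = "session"; // no expiration set: ends with the browser session
  if (cookie.expires !== null) type = cookie.expires <= now ? "expired" : "persistent";
  const findings = [];
  // The issuing server must be a member of the domain it names.
  if (cookie.domain && !hostInDomain(requestHost, cookie.domain)) findings.push("domain-mismatch");
  // Simplified third-party test (assumption: no public-suffix list is consulted).
  if (!hostInDomain(requestHost, pageHost) && !hostInDomain(pageHost, requestHost))
    findings.push("third-party");
  if (!cookie.secure) findings.push("no-secure-flag");
  return { cookie, type, findings };
}
```

A cookie set by an image host on another site's page comes back as persistent with the findings `third-party` and `no-secure-flag`, which is the pattern the tracking discussion in this handout describes.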

Session Cookies:
    Also called Per-Session
    Created and destroyed each time a visitor browses the site
    Hold info pertinent to each session

Persistent/Permanent Cookies:
    Remain upon leaving
    Useful for sites that remember preferences (Stocks, Weather, personalized menus,
    Can use “expire” property to delete

Tracking Cookies:
    Malicious variant of persistent cookie
    Implemented by “ad-networks”
    Each time the cookie is read, data is collected and transmitted to the server
    Contain personal info about browsing habits, services, interests, IP…

   FTC took interest
   Ad companies now require “opt-out” cookies
   Integrated browser security to block cookies
           Rarely works, as ways around emerge
   Software for removal (adAware, SpyBot, AdSubtract, etc…)
           Better option, as often updated

Future of Cookies:
    Unknown if cookies will still be useful after spyware ruined their benefits
    Average user doesn’t know of any positive use, so cookies have a negative image

Examples of Cookies:

    Contains basic info (preferences)

JavaScript Function

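function addCookie(tag, value) {
       // Set the expiration one year from now (the offset is in milliseconds)
       var expireDate = new Date()
       expireDate.setTime(expireDate.getTime() + (1000 * 60 * 60 * 24 * 365))
       var expireString = "expires=" + expireDate.toUTCString()
       // Encode the value so that ";", "=" and spaces cannot break the cookie string
       document.cookie = tag + "=" + encodeURIComponent(value) + ";" + expireString + ";"
}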
