Cryptography Reference
Cookie Ingredients : Cookies are transported between server and client as an
HTTP header, and the formal specifics of this header are defined in RFC 2109.
There are six parameters that can be assigned to a cookie. The first two are
mandatory and are set by pairing them together. The others are optional,
configured manually or automatically, and are typically separated by semicolons.
1. Name : This is any alphanumeric value (excluding semicolons, commas,
and white space), used to identify the cookie.
2. Value : This cookie value may be any scalar.
3. Expiration Date : This determines the valid lifetime of the cookie and,
if not explicitly set, defaults to the end of the session, as long as Alice's
browser is open.
4. Path : This sets the subset of URL paths on a domain for which the cookie
is valid. If a path is not specified, the default is the path of the document
that created the cookie.
5. Domain : This is the textual equivalent of a numerical IP address. When
searching a cookie list, a comparison is made between the tail of the valid
host domain name (such as QQQ.com), and the tail of the cookies on the
list. For instance, it might be shopping.QQQ.com, which indeed satisfies
the tail matching for the domain QQQ.com. Because of this tail matching,
no domain is allowed to set a cookie with fewer than two dots, in order
to distinguish among tails such as those containing .com , .ca , .gov , and
so on. Thus, for instance, QQQ.com would not be an allowed cookie on
the list. Moreover, the server setting the cookie must be a member of
that domain. For instance, WWW.QQQ.com cannot set a cookie for the
domain WWW.RRR.com, since the security breaches would be severe.
6. Secure Label : If this label is set to TRUE, then the cookie may only be
sent over a secure channel, typically HTTPS (see page 220). The default
is FALSE, since most WWW sites do not need secure connections.
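The six parameters and the domain rules of item 5 can be checked mechanically. The following is an added example, not code from the original text: the function names and the sample header are constructed for illustration, and the label-boundary check in tail_matches is a stricter reading of "tail matching" than a bare suffix comparison.

```python
def parse_set_cookie(header_value):
    """Split 'name=value; attr=val; secure' into the six cookie parameters."""
    parts = [p.strip() for p in header_value.split(";") if p.strip()]
    if not parts or "=" not in parts[0]:
        raise ValueError("the name=value pair is mandatory")
    name, _, value = parts[0].partition("=")
    cookie = {"name": name, "value": value,
              "expires": None,   # None: cookie lasts for the session only
              "path": None,      # None: path of the document that set it
              "domain": None,    # None: only the setting host receives it
              "secure": False}   # default FALSE, as stated in item 6
    for attr in parts[1:]:
        key, _, val = attr.partition("=")
        key = key.strip().lower()
        if key == "secure":
            cookie["secure"] = True
        elif key in ("expires", "path", "domain"):
            cookie[key] = val.strip()
    return cookie


def tail_matches(host, domain):
    """True if host equals domain or ends with it on a label boundary."""
    host, bare = host.lower(), domain.lower().lstrip(".")
    return host == bare or host.endswith("." + bare)


def server_may_set(setting_host, cookie):
    """Apply the two domain rules of item 5 to a parsed cookie."""
    domain = cookie["domain"]
    if domain is None:
        return True
    if domain.count(".") < 2:          # fewer than two dots is refused
        return False
    return tail_matches(setting_host, domain)   # server must be a member


# Constructed sample header value, not taken from real traffic.
SAMPLE = ("session=abc123; expires=Wed, 09 Jun 2027 10:18:14 GMT; "
          "path=/shop; domain=.QQQ.com; secure")

if __name__ == "__main__":
    c = parse_set_cookie(SAMPLE)
    print(c)
    print(server_may_set("shopping.QQQ.com", c), server_may_set("WWW.RRR.com", c))
```

Note that the two-dot rule still accepts a domain such as .co.uk, which is why current browsers consult the Public Suffix List instead of counting dots.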
Basically, cookies are pieces of textual data generated by a WWW server
for storage on a client's computer for future access. Cookies are embedded in
HTML information that flows between the client browser and the server. Most
often both the storage of, and access to, cookies go unnoticed by the client.
However, any client concerned about privacy issues can set their computer to
notify them of any attempt to set a cookie and ask permission. Of course, this
may become a headache since there will be a lot of “alerts”. The crucial issue is
for the client to be “aware” of the issues, which this section addresses. Cookies
cannot damage your computer or give out private data on you without your
giving it out at a WWW site in the first place. The bottom line is that cookies
were meant as a mechanism to make it easier for you to access your favorite
WWW sites by storing information, so you do not have to log in each time you
visit, a process impossible before the advent of cookies due to the stateless
nature of HTTP.