
Protocol: Used To Request and Return Data Request/response Protocol

HTTP is a stateless protocol that uses methods like GET and POST to request and return data. Cookies were developed as an application-based solution to provide state retention over HTTP's stateless design. A cookie is a file created and stored by a web browser at the request of a website, which can be used by the website to recognize the user across browsing sessions. Cookies are commonly used for authentication, personalization, and tracking on websites.

Uploaded by

JEETRAM44
Copyright
© Attribution Non-Commercial (BY-NC)

HTTP: HyperText Transfer Protocol

Used to request and return data


Methods: GET, POST, HEAD,

Stateless request/response protocol


Each request is independent of previous requests
Statelessness has a significant impact on design and implementation of applications

Evolution
HTTP 1.0: simple
HTTP 1.1: more complex
slide 1

Cookies, in a nutshell, are an application-based solution to provide state retention over a stateless protocol.

Storing Info Across Sessions


A cookie is a file created by a website to store information in your browser
Browser -> Server: POST login.cgi (username and pwd)
Server -> Browser: HTTP Header: Set-cookie: NAME=VALUE ; domain = (who can read) ; expires = (when expires) ; secure = (only over SSL)
If expires = NULL, this session only
Browser -> Server: GET restricted.html with header Cookie: NAME=VALUE

HTTP is a stateless protocol; cookies add state

slide 3

What Are Cookies Used For?


Authentication
Use the fact that the user authenticated correctly in the past to make future authentication quicker

Personalization
Recognize the user from a previous visit

Tracking
Follow the user from site to site; learn his/her browsing behavior, preferences, and so on
slide 4

Cookie Management
Cookie ownership
Once a cookie is saved on your computer, only the website that created the cookie can read it
If cookie is secure, browser will only send it over HTTPS but anyone can write a secure cookie!

Variations
Temporary cookies: stored until you quit your browser
Persistent cookies: remain until deleted or

slide 5
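
Added example (not part of the original slides): a small JavaScript model of the browser side of the exchange on slide 3 and the ownership and lifetime rules on slide 5, showing how domain, expires and secure decide whether a stored cookie is sent. The function names and the example.test hostnames are hypothetical, and the sample header is constructed.

```javascript
// Added example: browser-side model of the Set-Cookie exchange on the slides.
// Covers only domain, expires and secure; real browsers also check path,
// HttpOnly, SameSite and the public-suffix list, which this model omits.

function domainMatches(host, domain) {
  host = host.toLowerCase();
  return host === domain || host.endsWith("." + domain);
}

// Parse one Set-Cookie header value received from originHost.
function parseSetCookie(header, originHost) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  if (eq < 1) return null; // no NAME=VALUE: ignore the header
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1),
    domain: originHost.toLowerCase(), hostOnly: true, // default: exact host only
    expires: null,                                   // null = this session only
    secure: false };
  for (const attr of attrs) {
    const i = attr.indexOf("=");
    const key = (i < 0 ? attr : attr.slice(0, i)).trim().toLowerCase();
    const val = i < 0 ? "" : attr.slice(i + 1).trim();
    if (key === "domain" && val) {
      cookie.domain = val.replace(/^\./, "").toLowerCase();
      cookie.hostOnly = false;
    } else if (key === "expires") {
      const t = Date.parse(val);
      if (!Number.isNaN(t)) cookie.expires = t;
    } else if (key === "secure") {
      cookie.secure = true;
    }
  }
  // A site may scope a cookie only to itself or to one of its parent domains.
  return domainMatches(originHost, cookie.domain) ? cookie : null;
}

// Should the browser attach cookie to a request for url at time now (ms)?
function shouldSend(cookie, url, now, browserRestarted = false) {
  const u = new URL(url);
  if (cookie.secure && u.protocol !== "https:") return false;
  if (cookie.expires === null ? browserRestarted : cookie.expires <= now) return false;
  return cookie.hostOnly ? u.hostname === cookie.domain
                         : domainMatches(u.hostname, cookie.domain);
}

// Constructed sample header (not from the slides), set by login.example.test.
const SAMPLE = parseSetCookie(
  "SID=abc123; domain=example.test; expires=Wed, 01 Jan 2031 00:00:00 GMT; secure",
  "login.example.test");
```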

Privacy Issues with Cookies


Cookie may include any information about you known by the website that created it
Browsing activity, account information, etc.

Sites can share this information


Advertising networks
2o7.net tracking cookie

Browser attacks could invade your privacy


November 8, 2001: Users of Microsoft's browser and e-mail programs could be vulnerable to having their browser cookies stolen or modified due to a new security bug in

slide 6
