What Is Cookie (Web Page)? – POFTUT

What Is Cookie (Web Page)?

A cookie is a file which is created by the web sites we have visited with our browser. This file or cookie contains some information about us and our visit for the specific web site. Cookies are very popular mechanisms used by web sites or web applications to store information and nearly every site creates some cookie web browser.

HTTP cookie or Web Cookie or Browser Cookie?

Cookies do not have a specific naming where they can be named as HTTP Cookie,Web Cookie or Browser Cookie. Actually, all of these three names suits well for the cookie because it is related to all of them. So we can use HTTP Cookie,Web Cookie or Browser Cookie without problem all them names the same cookie.

What Type Of Data Contains A Cookie?

We have defined a cookie as a file which contains some data about the user and web site. The stored cookie file is private for the given site or domain. So only the given web site or applications can read and change given cookie and related data. Below we can see cookies created by the microsoft.com web site.

What Type Of Data Contains A Cookie?

What Type Of Data Contains A Cookie?

We can see from the screenshot that different variables like MSFPC, ONERFSSO, etc. are stored under www.mirosoft.com domain. The cookie variables can change for different web sites or domains. Here are the details for the MSFPC cookie variable.

Example Cookie Content

Example Cookie Content

We see that the following information is stored with the cookie variable.

  • Name is the name of the cookie variable which is MSFPC in this example
  • Content is the real data the cookie variable stores and used by the web site or domain. In this example, data which starts with GUID ... is used which is likely a unique identifier and other data
  • Path is the hierarchical position of the cookie variable which is / or root in this case
  • Domain is the domain where the cookie variable belongs. In this example, the web site or domain is www.microsoft.com
  • Send for is used to specify the connection type like HTTP or HTTPS which is any kind which accepts both HTTP, HTTPS in this example
  • Accessible to script is used set if it can be accessed by the JavaScript which runs on the given domain or web site.
  • Created provides the date the cookie variable is created
  • Expires provides the date the cookie variable expires which is generally 1 year in general cookies.
LEARN MORE  How To Scan Wordpress Sites With Wpscan (Tutorial) For Security Vulnerabilities?

Where Cookies Used?

Cookies can be used for different things according to a web site or web application. But cookie use cases can be listed as 3 main categories.

  • Session Management is the most popular way for cookies. Logins, Shopping Charts, Game Scores are some user sessions management data where cookies are used.
  • Personalization is another popular category for cookies. User preferences, themes and other settings related to the domain, web site or web application can be stored.
  • Tracking is a recent popular usage for cookies. Especially recording and analyzing user behavior is related to the tracking user.

Cookie Types

There is a different type of cookies for different use cases.

Session Cookie

A session cookie is a special cookie which does not contain Expires or Max-Age directive in HTTP request and response. Generally, a Session ID is provided with the Cookie directive.

Permanent Cookie

By default, cookies are expired the browser is closed. If the Expires or Max-Age are used for a specified period of time the cookie will be permanent and do not delete after the current browser closed.

Secure Cookie

HTTPS is a secure protocol alternative and improvement to the HTTP protocol. Some cookies required to protected even in transmission by encrypting them with HTTPS. We can explicitly require a cookie to transmitted over HTTPS with secure cookies with the Secure option like below

HTTPOnly Cookie

Cookies can be manipulated with the JavaScript. This can create some attack surface like XSS attacks. We can prevent JavaScript to manipulate a cookie with the HTTPOnly directive.

List Cookies In Google Chrome Browser

Cookies can be listed in Google Chrome Browser in different ways but the easiest way is using address bar. We will type following address which will list all sites cookies in alphabetical order.

List Cookies In Google Chrome Browser

List Cookies In Google Chrome Browser

List Cookies In Mozilla Firefox Browser

We can list cookies in Mozilla Firefox Browser from the following URL which will navigate to the Privacy settings. Then we will click to the Manage Databutton like below.

LEARN MORE  Globally Unique Identifier (GUID) Generator For Linux, Windows, Java, PHP, C#, Javascript, Python

Open Cookie List In Firefox

Open Cookie List In Firefox

 

We will see the following screen which will list existing cookies, last used time and domain or web site.

Cookie List In Mozilla Firefox

Cookie List In Mozilla Firefox

Leave a Reply

Your email address will not be published. Required fields are marked *

Enjoy this blog? Please spread the word :)