Calling Cookie Experts...
-
So for like the Nth time I've wondered about browser based cookies. I read this article http://www.codeproject.com/aspnet/aspnetcookies.asp which talks some about cookie management and I can see how cookies must be handled. But from a security standpoint, when I go to a site and someone cookies my browser, what all can they do? I'm guessing you can store whatever data in the cookie you want. Like you could have:

cookie.name //where this is the name of perhaps the day of the week.
cookie.date //where this is the current date.
cookie.server //where this is the I.P. of the server

I mean you can probably save a bunch of stuff in a cookie but I imagine there is a size limit. So what can spyware guys do with cookies? Can they retrieve information from you? When I tell a site (like CP) to remember me they are just writing my username and password to the cookie, right? Could someone on another site (say I mis-typed the url and did code-project.com) check for that cookie and get my username and password?

I'm mainly wondering this because cookies are a bit strange as a concept and I'm trying to learn more about them. Like they cannot automatically upload data to a site, right? The page you visit has to know the cookie's name and then request it... From a security perspective I'm just curious about cookies in general. Admittedly cookies are the least of my concerns (I hope) so call this a curiosity...
Some assembly required. Code-frog System Architects, Inc.
Don't Panic. Cookies are text files - no executables there. They're also domain-specific; only the domain that created the cookie receives it. Cookies are an attempt to add state to a TCP connection which is, by definition, stateless. You can block them using settings in your browser, but that will create more overhead when you repeatedly visit the same site.
"...a photo album is like Life, but flat and stuck to pages." - Shog9
-
code-frog wrote:
I mean you can probably save a bunch of stuff in a cookie but I imagine there is a size limit.
If memory serves me correct (and it hasn't been lately :)), it's 8K per cookie. At least on the older browsers.
code-frog wrote:
Could someone on another site (say I mis-typed the url and did code-project.com) check for that cookie and get my username and password?
Nope. Cookies belong to the domain whether or not you specify it.
code-frog wrote:
From a security perspective I'm just curious about cookies in general. Admittedly cookies are the least of my concerns (I hope) so call this a curiosity...
Information-wise, anything can be stored. They are often used to collect demographics about frequency of visits, what you like to shop for, etc. I'm sure there are some malicious uses, I just can't think of any off the top of my head.
Jeremy Falcon
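The domain scoping discussed in the replies above, as an added example that is not part of any post in this thread: a simplified model of the RFC 6265 domain-match rule a browser applies when storing and sending cookies. The cookie names and values and the host forums.codeproject.com are constructed for illustration, and Path, Secure and public-suffix checks are left out.

```javascript
// Simplified RFC 6265 section 5.1.3 domain-match (assumption: no public-suffix list).
function domainMatch(host, cookieDomain) {
  host = host.toLowerCase();
  cookieDomain = cookieDomain.toLowerCase();
  if (host === cookieDomain) return true;
  // Suffix matching never applies to IP literals, and must fall on a label boundary.
  const isIp = /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.includes(":");
  return !isIp && host.endsWith("." + cookieDomain);
}

// Store a cookie the way a browser would when `setterHost` sends Set-Cookie.
function storeCookie(jar, setterHost, name, value, domainAttr) {
  if (domainAttr) {
    const domain = domainAttr.replace(/^\./, "");
    // A server may only name its own domain or a parent of it.
    if (!domainMatch(setterHost, domain)) return false; // rejected by the browser
    jar.push({ name, value, domain, hostOnly: false });
  } else {
    // No Domain attribute: the cookie is bound to the exact setting host.
    jar.push({ name, value, domain: setterHost.toLowerCase(), hostOnly: true });
  }
  return true;
}

// Which cookies go into the Cookie header of a request to `requestHost`?
function cookiesFor(jar, requestHost) {
  const host = requestHost.toLowerCase();
  return jar
    .filter(c => (c.hostOnly ? host === c.domain : domainMatch(host, c.domain)))
    .map(c => `${c.name}=${c.value}`);
}

// Constructed sample: two cookies set by www.codeproject.com, one attempt by the typo domain.
function demo() {
  const jar = [];
  storeCookie(jar, "www.codeproject.com", "session", "abc123");            // host-only
  storeCookie(jar, "www.codeproject.com", "prefs", "dark", "codeproject.com");
  const rejected = !storeCookie(jar, "code-project.com", "x", "1", "codeproject.com");
  return {
    own: cookiesFor(jar, "www.codeproject.com"),
    sibling: cookiesFor(jar, "forums.codeproject.com"),
    typo: cookiesFor(jar, "code-project.com"),
    rejected,
  };
}
```

The typo domain receives no cookies and cannot plant one for codeproject.com, while a cookie set with an explicit Domain attribute is shared with sibling subdomains.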
-
Oh, and if you intend to work with cookies on the client (the old-fashioned way) with JavaScript, then use my code and vote me a gazillion 5s. :laugh: http://www.codeproject.com/jscript/parse.asp If there's a bug in it, just blame someone else (kidding).
Jeremy Falcon
-
[sniff] Programming Question [/sniff] BTW, thanks for the topic. Web programming has always been an unseen land for me, so any info about it is good for me. Can't help you though :(
Regards, Aamir
-
code-frog wrote:
cookies are the least of my concerns (I hope) so call this a curiosity...
ZeePain! wrote:
This seems like one of those programs that started small, grew incrementally, building internal pressure, and finally barfed all over its source code sneakers. Or something.
-
"Cookies are an attempt to add state to a TCP connection which is, by definition, stateless."
I'm taking it you meant to say "HTTP" where it says "TCP"?
Yup. It was really late... :sigh:
"...a photo album is like Life, but flat and stuck to pages." - Shog9
-
code-frog wrote:
So for like the Nth time I've wondered about browser based cookies.
I must be thinking of something else. I thought you were asking about brownies and baked cookies. :)
Marc
VS2005 Tips & Tricks -- contributions welcome!
-
Not a programming question, though (here) it easily could be. I am a network administrator for several small businesses and one in particular has some interesting questions for me on security and they were wondering about cookies. I recommended "The Cookie Lady"; they accused me of being "baked" and then I realized they meant browser cookies, so I came here thinking programming-dorks will know if anybody does... I'm actually baking a browser cookie to take over the world. It will be a super-cookie made up of smaller cookies called "chips". My cookie will infect the world with cookie-lust and snow storms. Yeah, you caught me. I've been reading way too much Calvin & Hobbes lately. Just can't help myself... Calvin's my hero. :) It used to be Shog but then I saw where he made a programming mistake and admitted it publicly. I didn't know Shog made mistakes so now he's 2nd on "The All Time Hero List" and Calvin is back at #1. :cool:
Some assembly required. Code-frog System Architects, Inc.
-
Aamir Butt wrote:
Programming Question
IMO not in the sense it is used here in "no programming questions". It is a pity that the "programming Question" ban seems to purge all technical topics from the lounge.
We say "get a life" to each other, disappointed or jokingly. What we forget, though, is that this is possibly the most destructive advice you can give to a geek.
boost your code || Fold With Us! || sighist
-
Marc Clifton wrote:
brownies and baked cookies
You would say that as I finish my salad for lunch (Mr. Waistline hasn't been a good boy lately :sigh:).
Software Zen:
delete this;