Monday 23 December 2013

HTTP Cookie



HTTP cookie

HTTP is an anonymous and stateless protocol. It would be difficult to track the user status just from HTTP protocol. Other technology will be applied to fulfil the task. Cookie and Session are two widely used technologies.
In this blog, I am going to talk about the Cookie, it will cover

  • ·         Cookie introduction:
  • ·         Cookie fields:
  • ·         Cookie in user session tracing:
  • ·         Cookie with security and privacy issue:


cookie introduction:

A cookie, also known as an HTTP cookie, web cookie, or browser cookie, is a small piece of data sent from a website and stored in a user's web browser while the user is browsing that website. Every time the user loads the website, the browser sends the cookie back to the server to notify the website of the user's previous activity.[1] Cookies were designed to be a reliable mechanism for websites to remember stateful information (such as items in a shopping cart) or to record the user's browsing activity (including clicking particular buttons, logging in, or recording which pages were visited by the user as far back as months or years ago). [from wikipedia]
To be shortening, cookie is the small data section stored in client; the web server can use the cookie to track the client behaviour.
Now there are two versions of cookies: cookie version 1 and cookie version 2. Google and other internet companies are developing other alternative ways to replace cookie.

Cookie fields:

Cookie fields are usually key=value pairs, it can contain any customized key-value pair such as username=rafaxu, country=Australia, etc.These fields are used by the web server to track the user identity.
Besides these customized fields, there are some fields used by the protocol.
Domain and Path:
The fields indicate the domain and path where the cookie should be applied to. The cookie is just for that specify domain and path.
Eg: Domain=docs.foo.com; Path=/accounts;
Expires and Max-Age:
This field indicates when the cookie will be expired.
There are two ways:
Expires= “Wdy, DD-Mon-YYYY HH:MM:SS GMT” – the cookie will be expired after that time
Or Max-Age:seconds     -- the cookie will be expired after certain seconds.
Secure and HttpOnly:
These are only flags without value. Secure means  only used in SSL, HttpOnly means only used in http(https) protocol.

how cookie is working:

 How cookie is used in tracking the user session can be illustrated here:


  1. The client (browser) requests a web page.
  2. The web server returns the content together with the cookie
  3. the next time when the browser requests other pages in the web server, it will sent the cookie back to the web server so the web server will know who you are.

 Disadvantage of Cookie:
There are some disadvantages of cookie.
1.       Privacy and security. Cookies are usually stored in plain text that mean everyone can view and modify the content if he gets access to the file.
2.       It is not compatible with some of the Web technology such as REST.
3.       It will consume additional HTTP traffic
4.       It is not used well in mobile browser.
Posted by at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)