ethical hacking

What Are Cookies?

What are cookies?

We’ve all been harassed with the following request:

This website uses cookies … Please accept to continue

Oh yeah!

Cookies are data that are collected from websites that you visit and are stored on your own computer so that when next you visit that same website, the website remembers who you are, what your preferences are, what you have in your cart, etc.

Cookies are part of the http protocol which most applications have come to rely on, and which sadly can also be subject to exploitation.

Cookies enable servers to send items of data to the client, which the client stores and resubmits back to the server. Unlike the other types of request parameters (those within the URL query string or the message body), cookies can also be resubmitted in each subsequent request without any particular required interaction with the user or the application itself.

Cookies consist of a name/value pair, but they can also consist of any string that does not contain a space. Multiple cookies can be issued by using multiple Set-Cookie headers in the server’s response, and are all submitted back to the server in the same Cookie header, with a semicolon separating different individual cookies.

In addition to the cookie’s actual value, the Set-Cookie header can also include any of the following optional attributes, which can be used to control how the browser handles the cookie:

  1. expires — This is used to set a date until which the cookie is valid. This will cause the browser to save the cookie to persistent storage, and it will be reused in subsequent browser sessions until the expiration date is reached. If this attribute is not set, the cookie will only be used in the current browser session.
  2. domain — This is used to specify the domain for which the cookie is valid. This must be the same or a parent of the domain from which the cookie is received.
  3. path — This is used to specify the URL path for which the cookie is valid.
  4. secure – If this attribute is set, then the cookie will only be submitted via HTTPS requests.
  5. HttpOnly — If this attribute is set, then the cookie cannot be directly accessed via client-side JavaScript, although not all browsers support this restriction.

Cookies are not inherently bad in themselves, but the attributes set on a cookie can seriously impact the security of the application and make it vulnerable to malicious attacks.

Leave a Comment
Share
Published by
codeflare
Tags: cookiesethical hackingJavascript
3 years ago

Recent Posts

How to Create Neumorphism Effect with CSS

Neumorphism design, alternatively termed as "soft UI" or "new skeuomorphism," represents a design trend that…

1 day ago

How to Debug Your JavaScript Code

Debugging JavaScript code can sometimes be challenging, but with the right practices and tools, you…

4 days ago

Service Workers in JavaScript: An In-Depth Guide

Service Workers are one of the core features of modern web applications, offering powerful capabilities…

2 weeks ago

What are Database Driven Websites?

A database-driven website is a dynamic site that utilizes a database to store and manage…

3 weeks ago

How to show Toast Messages in React

Toasts are user interface elements commonly used in software applications, especially in mobile app development…

3 weeks ago

Exploring the Relationship Between JavaScript and Node.js

JavaScript has long been synonymous with frontend web development, powering interactive and dynamic user interfaces…

4 weeks ago

Find Us

Address
Suite C3-19, Central Market Plaza, Beside Sledge Resort, Off Byazhin Roundabout, Kubwa, Abuja.

Hours
Monday–Friday: 8:00AM–5:00PM
Saturday: 9:00AM–4:00PM