Lets learn "What are HTTP Cookies?"

-

 

So in this tutorial we will going to learning about cookies , Web cookies .


So do you know how it is possible that u needn't login every time of sites like facebook , gmail etc.
Once u logged in , u needn't login again until or unless u logout.
But in case of banking sites every time you visit u need to login. 

How is this done ?

The answer to this is cookies .

What are cookies ?

HTTP cookie (also called web cookieInternet cookiebrowser cookie or simply cookie) is a small piece of data sent from a website and stored on the user's computer by the user's web browser while the user is browsing. Cookies were designed to be a reliable mechanism for websites to remember stateful information (such as items added in the shopping cart in an online store) or to record the user's browsing activity (including clicking particular buttons, logging in, or recording which pages were visited in the past). 

So cookies are some piece of data that is returned by the server when request to server is made (like login request)  and this piece of data is saved by web browser and sent with every request (as a cookie parameter) to the same website (to which cookie is related).

If the cookies are stored in user web browser , so definitely it is possible for the user to see this .
Lets see how to see the cookies stored in browser for any site .


Download a cookie manager , which is an extension in chrome (icon is of fourth number from left in the image above ). You can download from here .

Once u add the extension to chrome , visit any site for which u want to see the cookies and after the site completes loading , open the cookie manager from chrome>tools>Extensions>Cookie Manager options to see the cookies .

For e.g : Lets see the cookies for www.flipkart.com

After login in the flipkart.com , go to cookies manager and search www.flipkart.com .


Expand using button to see all the cookies .

Now in flipkart.com cookie named as SN stores the session for the user (i.e it is the main cookie which identifies which and wheather user is logged in or not). Lets see this .



First lets talk about the different attributes stored for cookies as shown in above image .

1. Domain Name : It defines the name for which this cookie is related (.flipkart.com in our case) .
2. Path : it defines the path address for the cookie.
3. Name : It defines the name of the cookie (SN in our case).
4. Value : It is the value for the cookie .
5. Expires : It defines the expiry time for the cookie (date + time).
6. Session : It is checked if cookie is a session cookie as opposed to a persistent cookie with the expireation date .
7. Host-Only : It defines that this cookie is only read by the sites which is having the domain .flipkart.com(as specified in Domain name) .
8. Read-Only : It defines that wheather cookie can be overwrite using client-side javascript or not .
If it is checked , then cookie is only readable , javascript can't overwrite it.
9. Secure / HttpOnly : It defines that wheather it is possible to access the cookie by javascript (like document.cookies provide the cookies in javascript) but if Secure is checked , javascript will unable to access the required cookie .

And That's all about the cookie attributes ...

Now let me show you the magic of cookies...
* Open the flipkart.com and login there .
* Open the cookie manager to see the flipkart.com cookies .
* As SN is the session cookie for flipkart , just modify the cookie (either delete , replace or insert new characters)  and save it .
* Now refresh the flipkart.com and you will see that you'll automatically get logged out .
* This is the power of cookie .

And even if you are able to access the cookie of any of your friend (like SN cookie of flipkart.com) , just copy and paste that cookie in cookie manager and refresh the page . You will able to login as your friend(whose cookie u have captured) . This is known as Session Hijacking .


So....
Hope you like this short tutorial on HTTP cookies .

Stay tuned for upcoming tutorials .
For any problem or queries, please comment below...

Comments

Post a Comment

Popular posts from this blog

Lets learn "About kube proxy in iptables mode"

-
Image
In this tutorial, we'll learn about the Kube-proxy in iptables mode. Basically, we'll see how Kube-proxy create iptables that help in load balancing and service discovery. If you are not familiar with Linux IPTables I would recommend to check out my tutorial on IPTables here  first and then come back to read this tutorial. Kube-proxy Kube-proxy when running in iptables mode basically watch kube-apiserver for new endpoints and create corresponding iptables rules and iptables are fully responsible for service discover and proper routing of traffic to corresponding pods. Kube-proxy needs to run on all k8s worker nodes. Below is a small video describing the working of kube-proxy in iptables mode.  src:  https://www.slideshare.net/CJCullen/kubernetes-networking-55835829 Now that we know what Kube-proxy is and how it Kube-proxy works, let deep dive into the types of iptables Kube-proxy adds to the firewall. Kube-proxy added IPTables To learn this let's consider an example. Cons...
Read more

Lets learn "System design for paste bin (or any text sharing website)"

-
Image
  In this tutorial, we'll learn about the system design for PasteBin. If you don't know what Pastebin is here goes its definition. Pastebin is a type of online content hosting service where users can store texts to share with others over the internet.  Pastebin system design requirements  Functional Basic - User should be able to paste the text, generate the link and share the link with other users. There should be the max size of the text that our system will support (say 10Mb) Users should be able to provide the custom URL path for the link created. Like if a user wants to create the links  www.pb.com/letlearn, he can give this URL and pastebin should create a link using this URL to share with others. The link or paste expiry feature should be there for each stored text. There can be default expiry time say 1 year but this should be configurable. Personalization means the user should be able to login to track all the pastes created by him and manage them. Non-Funct...
Read more

Lets learn "What is CDN?"

-
Image
  In this tutorial, we'll learn about What is CDN ( Content delivery network ) and how it works. Introduction Whenever you access any website on your mobile phone or laptop or any other device using the internet connection, you must have seen for some of the websites the pages load quickly, and for others, it takes considerably more time. Why is that?  Basically loading any website requires the data needs to be downloaded from the server where that particular website is hosted. For e.g, if you are accessing a website in Canada which is hosted on a server in India, it will take some time due to the latency but if that website is hosted on servers in Canada itself it will take less time to load due to low latency. So internet experience can be bad for some of the websites when clients and servers are separated by a long distance. One could argue that why not host the website on servers in all regions but that would increase the cost a lot. The better solution is to use CDN. Let'...
Read more