2.3.4.4 Cookies
(Page 1 of 3)
A cookie is a piece of information
sent from a web server to a web browser, and then (usually) stored by
the web browser on the client machine for use at a later time.
How Cookies Work
Cookies are a technique developed to personalize content (for instance, by storing information about a user that can be incorporated into pages from that site in the future) and to make up for a limitation of the web. As originally designed, a web server sat around and handled requests for web pages, without trying to remember who asked for which page last, what data they submitted in a web form asking for their address, and so on. Each page request was treated as a separate task, completely unrelated to any tasks (other page requests or web form submissions) that came before it. This type of behavior is referred to as stateless because the server does not keep track of the state of any of the clients who might have requested web pages from it.
Because many web applications need to keep track of where a user has been (and who the user is), the idea of a magic cookie was born. The web server passes the browser a cookie, which may contain data gathered by the web server (such as the user's email address) or simply a magic number, understood internally by the web server, that identifies which connection (series of transactions) this page request is associated with. Whenever the browser contacts the web server, it sends back the cookie, thus identifying itself to the web server. The cookie is often (but not always) stored as a text file on disk.
Cookies themselves contain a variety of information, such as the host to which the cookie should be sent, as well as whatever unique identifying information (or other data) the web server wants you to furnish whenever you try to contact it. Those who worry that a cookie can contain anything on your hard disk should be consoled by the fact that cookies can only contain information that you once provided to the web server that created the cookie. If you didn't give the web server your social security number, the site can't store it in a cookie.
Cookies
A cookie is a piece of information sent from a web server to a web browser, which is usually stored on the user's PC for future use.
Depending on what information a user has provided to a web server, sensitive data may be in any cookie the web server asks to be stored on that user's PC. Cookies can only contain information that was provided by the user to the web server.
While sites could store in a cookie information like the user ID, password, credit card numbers, etc. that you provide them, they generally don't (knowing that it's not a good practice), and instead opt to not store that information at all, or store it on their own secure servers, using a magic number cookie to look it up later, as described above.
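The magic number approach described above, as an added example (not code from CertiGuide): the data the user submitted stays in a server-side table, and the cookie carries only a random identifier used to look it up. The cookie name `sid`, the in-memory `SESSIONS` store, the helper names and the sample form data are assumptions made for illustration.

```python
import secrets
from http.cookies import CookieError, SimpleCookie

# Server-side store (in-memory for this example): magic number -> user's data.
SESSIONS = {}


def start_session(user_data):
    """Keep user_data on the server; return the Set-Cookie header value."""
    sid = secrets.token_urlsafe(32)      # unguessable "magic number"
    SESSIONS[sid] = dict(user_data)
    cookie = SimpleCookie()
    cookie["sid"] = sid                  # "sid" is a name chosen for this example
    cookie["sid"]["path"] = "/"
    cookie["sid"]["httponly"] = True     # not readable by page scripts
    cookie["sid"]["secure"] = True       # only sent over HTTPS
    return cookie["sid"].OutputString()


def browser_cookie_header(set_cookie_value):
    """What the browser sends back: the name=value pair, without attributes."""
    return set_cookie_value.split(";", 1)[0]


def lookup_session(cookie_header):
    """Map a request's Cookie header to the stored data, or None if unknown."""
    jar = SimpleCookie()
    try:
        jar.load(cookie_header)
    except CookieError:
        return None
    morsel = jar.get("sid")
    return SESSIONS.get(morsel.value) if morsel is not None else None


if __name__ == "__main__":
    # Constructed sample data, not real account details.
    form = {"email": "user@example.com", "card": "4111111111111111"}
    set_cookie = start_session(form)
    print("Set-Cookie:", set_cookie)     # carries only the random identifier
    sent_back = browser_cookie_header(set_cookie)
    print("Cookie:", sent_back)
    print("Server lookup:", lookup_session(sent_back))
    print("Forged id:", lookup_session("sid=guessed-value"))
```

Anyone who reads the cookie file on the client sees the identifier but not the email address or card number, and an identifier the server never issued resolves to nothing.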
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.