COOKIES Gloria Soria Network Security COSC 356

What is a Cookie? A cookie is a piece of text that a Web Server can store on a user's hard disk. Cookies allow a Web site to store information on a user's machine and later retrieve it. The pieces of information are stored as name-value pairs.

Where do I find Cookies? If you use Microsoft's Internet Explorer to browse the Web, you can see all of the cookies that are stored on your machine

Example: Cookies on my Computer I can find all the cookies in the following directory: c:\Documents and Settings\Gloria\Cookies I find 277 files

Cookies Basics Each file is a text file  that contains name-value pairs, A name-value pair is a named piece of data. It is not a program, and it cannot "do" anything. A Web site can retrieve only the information that it has placed on your machine.  there is one file for each Web site that has placed cookies on the machine.

Example: Footlocker.com You can see which Web site placed the file on your machine by looking at the file name.

Example: Footlocker.com This information is also stored inside the file.

Cookie Basics The majority of sites store  just one piece of information -- a user ID -- on your machine.  But a site can store many name-value pairs if it wants to. Most sites seem to store user preferences in the site's database and store nothing but an ID as a cookie.

How Does Cookie Data Move? Data moves in the following manner: 1. If you type the URL of a Web site into your browser, your browser sends a request to the Web site for the page. Browser contacts the server and requests its homepage

How Does Cookie Data Move? 2.When the browser does this, it will look on your machine for a cookie file that the Web site has set.  If it finds an Amazon cookie file, your browser will send all of the name-value pairs in the file to Amazon's server along with the URL.  If it finds no cookie file, it will send no cookie data. 3.The web server receives the cookie data and the request for a page.  If name-value pairs are received, Amazon can use them.

How Does Cookie Data Move? 4.If no name-value pairs are received, the web server knows that you have not visited it before. The server creates a new ID for you in the server’s database and then sends name-value pairs to your machine in the header for the web page it sends.

How Do Web Sites Use Cookies? a cookie allows a site to store state information on your machine You have control over this process. You can set an option in your browser so that the browser informs you every time a site sends name-value pairs to you. You can then accept or deny the values.

What are cookies used for? Web sites use cookies in many different ways. Here are some of the most common examples: Sites can determine how many people actually visit the site.  How many visitors arrive  How many are new vs. repeat visitors  How often a visitor has visited

How many people are using the site? The way the site does this is by using a database. The first time a visitor arrives, the site creates a new ID in the database and sends the ID as a cookie. Site Returns new ID as a cookie Visitor requests homepage If it’s visitor’s first visit, create ID

How many people are using the site? The next time the user comes back, the site can increment a counter associated with that ID in the database and know how many times that visitor returns. If it’s not visitors first visit: counter ++ Request URL + cookie

Example of statistics Simple example of what cookies and a database can do. You can keep a history and a statistics system for an article.

History of my activity on HowStuffWorks Number of Page Views:10 Number of 'Visits':2 Total Time at Howstuffworks:18.20 mins. Avg. Pages Viewed per Visit:5 Avg. Time per Visit:9.10 mins. Avg. Time per Page Viewed:1.82 mins. History DisplaySUMMARY STATISTICSHistory DisplaySUMMARY STATISTICS History Display SUMMARY STATISTICS

Customization Sites can store user preferences so that the site can look different for each visitor. This is often referred to as customization. Example. I can go into weather.com and display the temperature in celcius degrees, instead of farenheit.

E-commerce sites  E-commerce sites can implement things like shopping carts.  The cookie contains an ID and lets the site keep track of you as you add different things to your cart.  Each item you add to your shopping cart is stored in the site's database along with your ID value.  When you check out, the site knows what is in your cart by retrieving all of your selections from the database.

Cookies And System Security Cookies do not act maliciously on computer systems. They are merely text files that can be deleted at any time - they are not plug ins nor are they programs. Cookies cannot be used to spread viruses and they cannot access your hard drive

Cookies And System Security however, any personal information that you give to a Web site, including credit card information, will most likely be stored in a cookie. In only this way are cookies a threat to privacy. The cookie will only contain information that you freely provide to a Web site.

Cookies And Privacy Each access your browser makes to a Web site leaves some information about you behind, creating a trail across the Internet

Example: The DoubleClick Network Is a system used to create profiles of individuals tastes and interests using the World Wide Web, to present them with advertising banners customized to their interests. DoubleClick's primary customers are Web sites looking to advertise their services.

SOURCES Textbook. Security and guide to network security. Cisco learning institute.