Cookies
Types of Cookies
- By lifespan: session (RAM) and persistent (disk).
- By read/write mechanism: server side (HTTP headers) and client side (disk).
- By structure: simple cookies and array cookies.
- Secure cookies: only used with HTTPS and they're encrypted.
What are the contents of a cookie?
- Name
- Content
- Path
- Domain
- Created
- Expired
- Secure: only sent over SSL, when the request is HTTPS
- HttpOnly: only sent via an HTTP request, not accessible to scripts in JavaScript
How to opt out of cookies?
- Set "do not track" in the browser settings.
- Download "opt-out" cookies.
- Use the cookie management tools.
What is a conversion tracking cookie?
A cookie set when you click an advertisement (ad) delivered by Google, used by advertisers to track when a click results in a purchase.
What is a cookie?
A text file saved on your hard drive that tracks Web site preferences and use.
Cross-Site Scripting (XSS)
A type of injection in which malicious scripts are injected into otherwise benign and trusted websites.
Cross-Site Request Forgery (XSRF)
A type of malicious exploit of a website where unauthorized commands are transmitted from a user that the web application trusts.
Which are the four key players involved in an Ad Network's delivery to users?
Advertisers, website owners, Ad Network and visitors.
What can cookies do and what can they not do?
Can:
- Store information explicitly provided to a website.
- Track the interaction with the website.
- Store information available to the web server: IP, OS, browser.

Cannot:
- Read or write to the disk.
- Have automatic access to personal information.
- Run programs on the computer.
Methods to identify and track visitors without the use of browser cookies:
Canvas fingerprinting: exploits the differences related to the browser that are produced when drawing text.
What are third party cookies?
Cookies set by a domain different from the one in the browser's address bar. Mostly used by advertisers to track the user's activity.
Is it possible to delete cookies?
No, they can only be overwritten with a bogus value plus a backdated or short-lived "expires=".
What happens if we create a cookie with the same name, domain and path as an existing cookie?
The existing cookie is discarded.
How are cookies configured in HTTP requests and responses?
The header "Cookie" contains the encoded value of the cookie sent from the client to the server, while the header "Set-Cookie" sends an encoded cookie from the server to the client.
What is the scope of a cookie?
URLs under the current host name. It can also be broadened to a group of DNS names using the field "names=".