Web sys Role of Cookies
These are ________ of _________, Session, Persistent, Secure, Http Only, Third-Party, Zombie.
Types, Cookies
Secure cookie only can be transmitted over _________ connection
Encrypted
Cookies were discussed in two US Federal Trade Commission hearings in ________ and ________
1996, 1997
In February _______, the working group identified __________ cookies as considerable threat to privacy, the specification was published by RFC 2109 in February 1997
1996, third-party
Cookie specification require that the browser can support at least _______ bytes in size, can store at least ______ cookies per domain and can store at least a total of _______ cookies in total
4096, 50, 3000
The general size of cookies are ________
4KB
The value of a cookie may contain any printable __________ characters and the name may contain a = sign
ASCII
Cookies do not identify a person, they identify a combination of user __________ a computer and __________
Accounts, web-browser
_________ cookies are used by webservers to know when you are logged in and to send sensitive information. Security _________ may allow the data to read by hackers.
Authentication, vulnerability
The browser ________ can be used to store JavaScript which won't download to the user computer but launch in the browser and track the users activity.
Cache
________ helps to recreate Zombie cookies when they are deleted. the content are stored in multiple locations like flash local storage, Html5 storage, when the cookie absence is detected it, gets recreated from the stored contents.
Client-side scripting
Cookies are arbitrary piece of data sent by the server and stored on the _________ by the __________
Computer, browser
The Structure of cookies are: the Name, ___________, information it contains, __________, using this cookie, ________, page where it is used, _______, Accessible to script (yes or no), Created (the date), and Expires.
Content, Domain, Path, Send for
The term ________ _____ is sometimes used to refer to a cookies name-value pair
Cookie crumb
_______ are small pieces of data sent between a ______ and a receiver.
Cookie, sender
A cookie is ________ and _______ by the sender, while the receiver only holds it and sends it back if the receiver asks for it.
Created, interpreted
Http-only cookie can only be transfer over http or https, this restriction mitigate but does not eliminate the threat of ________ _______
Cross-site scripting (XSS)
Today cookie no longer store the data of a shopping cart, that is stored in a _________
Database
JavaScript can use to set cookie the Object ______________ is used for this purpose
Document.cookie
The first browser to use and support cookies was ________ ________
Mosaic Netscape
These _________ cookies work on sites that users perform financial transaction and ensure your information is protected, they are called ___________
Encrypted, Secure-cookies
Cookies are supported more in the _____ ______ on mobile devices
Far East
Originally, cookies were not known and was accepted by default, until the _______ ______ published un article about them in February 12, 1996.
Financial Times
A browser's _____ can be used to identify a user, it has version number, screen resolution and OS
Fingerprint
______ cookie are also called web, internet, browser or just cookie.
Http
Http Only cookies can only be used by _______ ______ they do not imply any privacy or security risks for users.
Http protocol
________ is an alternative to tracking cookies but it is not reliable since users are often behind a firewall or NAT
IP Address
Apple uses a tracking technique called ______ _________(IDFA) to track their shoppers in order to send them the right ads.
Identifier For Advertisers
Besides privacy concerns, cookies have technical drawbacks, they don't accurately _______ users, they can be used for security attack and they are often at odds with __________ architectural style.
Identify, REST
The purpose of cookies are to ________ the user, check for his past _______ on the website and provide appropriate content based on this data.
Identify, activity
Cookie was created by Lou Montulli in 1994 at Netscape for ________
MCI
The term cookie came from _________ ________ which is a packet of data a program receives and sends back unchanged.
Magic cookie
A session cookie, also known as _________ cookie or transient cookie exist only in memory while the user navigates the website. Session cookies do not have _________
In-memory, expiration-dates
An attacker could use __________ cookies to impersonate a user and perform malicious attack.
Intercepted
Using HTTP-only cookies will mitigate cross-site scripting since these cookies are not accessible by ___________ language.
JavaScript
Cookies were first used in ______ ______ by an employee of Netscape communication for an ecommerce application.
July 1994
Flash, silverlight also use _________ storage and is similar to persistent cookie.
Local
Tracking cookies are commonly used to compile __________ records that prompt the European and US law makers to take action in 2011.
Long-term
Minimum content of a cookie are _______, _______ zero or more attributes
Name, Value
Browsers do not send cookie attribute back to the server, they only send the ________ and _____
Name, value
Mosaic Netscape was the first browser to use cookies and did it in _______ _________
October 1994
By default internet explorer allows third-party cookies only if they are accompanied by a __________ compact policy (CP) field
P3P (privacy third party)
Session cookies also helps to improve ________ ______ times
Page load
________ cookies are called _______ cookies, they last on the users computer until deleted or expire.
Persistent, tracking
Many websites use cookies for ____________ based on the user's ___________
Personalization, preferences
Etags work similar to ___________ cookies but they can be removed by clearing the browser's cache
Pesistent
Most modern web browsers contain ______ settings that can block third-party cookies
Privacy
Hidden form fields can use to track session, it is similar to the URL _____
Query strings
RFC 2109 was superseded by ________ in October 2000
RFC 2965
The older RFC 2109 and 2965 specify that browsers should protect user privacy but the newer standard __________ explicitly allows user agents to implement third party cookie.
RFC 6265
When a server asks for a cookie, it _______ it and _______ a particular configuration of the website for that specific user.
Reads, loads
Cookie identification is very useful especially on websites where ______ user _______ is critical.
Real-time, data
Cookies are set using the HTTP ____________ header, sent in an HTTP _______
Set-cookie, Response
Cookies were designed to be _________ mechanism for websites to remember _________ information or activity including clicking buttons and visited pages.
Reliable, stateful
The Domain and Path attribute defines the _______ of the cookie
Scope
If a browser set the _________ flag while setting a cookie the browser will use TLS to send the cookie.
Secure
When browsing the web, the cookie sender is the _______ on which a website runs and the receiver is the __________ of the user that visits that website.
Server, web-browser
Cookies used for login page has a unique _________ _________
Session Identifier
Window.name is also a security risk it can be used for __________
Session tracking
______ cookies are of the most common types, they exist in temporary ________ not harmful and deletes the information when the browser is closed.
Session, memory
The first time a user visits a website the server ______ a particular cookie in the _______ of that user. when the user visits again the server asks for it.
Stores, web-browser
Storing data that identifies a session in a query ________ enables or simplifies session fixation attacks.
String
_______ cookie are used to track technologies that do not use http cookies.
Super
A HTTP Response will instruct the browser to store the cookie, the browser will ignore the header if it does not ___________ cookies or has _________ cookies.
Support, disabled
You can think of a cookie like a ______ applied by web servers to every user.
Tag
True or False, the text on the left of = is the name and the number on the right is the value
True
________ ________ Cookies belong to a different domain other than the one that sent them. They are usually sent by ads and store users browsing history across multiple system that use the same ads.
Third party
Super cookie originate from _________ such as .com, they are often block by browsers, it can maliciously affect a user visiting another .com site even if don't belong to that site.
Top-Level Domain
Persistent cookies are sometimes referred to as ___________ cookies because they expire when the creator intends,, they don't lose the info when the user logs of like ________ cookies, they keep sending info every time the user logs on to the site.
Tracking, session
If a request to a site do not contain a cookie, the server assume its the first page being visited, create a ___________ (string of letters and numbers) and sends it along with the page back to browser
Unique-identifier
Cookies provided a solution to the problem of reliably implementing a _______ __________
Virtual, shopping-cart
Only security products can remove ________ cookies, they recreate themselves if the user deletes them, they are stored outside the browsers, they can be used for malicious purpose because the browser cannot control their existence.
Zombie
HTML5 supports local session storage and is _________ to persistent cookies
similar
