• No results found

Cookies Overview and HTTP Proxies

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "Cookies Overview and HTTP Proxies"

Copied!
20
0
0

Loading.... (view fulltext now)

Download now ( 20 Page )

Full text

(1)

Cookies Overview

and HTTP Proxies

(2)

What is a Cookie?

ƒ

Small piece of data generated by a web server,

stored on the client’s hard drive.

ƒ

Serves as an add-on to the HTTP specification

(remember, HTTP by itself is stateless.)

ƒ

Still somewhat controversial, as it enables web

sites to track web users and their habits…

(3)

Why use Cookies?

ƒ

Tracking unique visitors

ƒ

Creating personalized web sites

ƒ

Shopping Carts

ƒ

Tracking users across your site:

ƒ

e.g. do users that visit your sports news page

also visit your sports store?

(4)

Example Cookie Use

ƒ Website wants to track the number of unique visitors who access its site.

ƒ If the website checks the HTTP Server logs, it can

determine the number of “hits”, but cannot determine the number of unique visitors.

ƒ That’s because HTTP is stateless. It retains no memory regarding individual users.

(5)

Tracking Unique Visitors

ƒ Step 1: Person A requests the website.

ƒ Step 2: Web Server generates a new unique ID.

ƒ Step 3: Server returns home page plus a cookie set to the unique ID.

ƒ Step 4: Each time Person A returns to the website, the browser automatically sends the cookie along with the GET request.

(6)

Cookie Notes

ƒ

Created in 1994 for Netscape 1.1

ƒ

Cookies cannot be larger than 4K

ƒ

No domain (e.g. netscape.com, microsoft.com)

can have more than 20 cookies.

ƒ

Cookies stay on your machine until:

ƒ

they automatically expire

ƒ

they are explicitly deleted

(7)

Cookie Standards

ƒ

Version 0 (Netscape):

ƒ The original cookie specification

ƒ Implemented by all browsers and servers

ƒ We will focus on this Version

ƒ

Version 1

ƒ A proposed standard of the Internet Engineering Task Force (IETF)

ƒ Not very widely used (hence, we will stick to Version 0.)

(8)

Cookie Anatomy

ƒ

Version 0 specifies six cookie parts:

ƒ

Name

ƒ

Value

ƒ

Domain

ƒ

Path

ƒ

Expires

ƒ

Secure

(9)

Cookie Parts: Name/Value

ƒ

Name

ƒ

Name of your cookie (Required)

ƒ

Cannot contain white spaces, semicolons or

commas.

ƒ

Value

ƒ

Value of your cookie (Required)

ƒ

Cannot contain white spaces, semicolons or

(10)

Cookie Parts: Domain

ƒ Only pages from the domain which created a cookie are allowed to read the cookie.

ƒ For example, amazon.com cannot read yahoo.com’s cookies (imagine the security flaws if this were otherwise!)

ƒ By default, the domain is set to the full domain of the web server that served the web page.

ƒ For example, myserver.mydomain.com would automatically set the domain to .myserver.mydomain.com

(11)

Cookie Parts: Domain

ƒ Note that domains are always prepended with a dot.

ƒ This is a security precaution: all domains must have at least two periods.

ƒ You can however, set a higher level domain

ƒ For example, myserver.mydomain.com can set the domain to .mydomain.com. This way

hisserver.mydomain.com and

herserver.mydomain.com can all access the same cookies.

ƒ No matter what, you cannot set a domain other than your own.

(12)

Cookie Parts: Path

ƒ

Restricts cookie usage within the site.

ƒ

By default, the path is set to the path of the page

that created the cookie.

ƒ

Example: user requests page from

mymall.com/storea. By default, cookie will only

be returned to pages for or under /storea.

ƒ

If you specify the path to / the cookie will be

returned to all pages (a common practice.)

(13)

Cookie Parts: Expires

ƒ

Specifies when the cookie will expire.

ƒ

Specified in Greenwich Mean Time (GMT):

ƒ Wdy DD-Mon-YYYY HH:MM:SS GMT

ƒ

If you leave this value blank, browser will delete

the cookie when the user exits the browser.

ƒ This is known as a session cookies, as opposed to a persistent cookie.

(14)

Cookie Parts: Secure

ƒ

The secure flag is designed to encrypt

cookies while in transit.

ƒ

A secure cookie will only be sent over a

secure connection (such as SSL.)

ƒ

In other words, if a cookie is set to secure,

and you only connect via a non-secure

(15)

User-server interaction: cookies

server client

„ server sends “cookie” to client in response msg

Set-cookie: 1678453

„ client stores & presents cookie in later requests

cookie: 1678453 „ server matches presented-cookie with server-stored info … authentication … remembering user preferences, previous choices usual http request msg usual http response + Set-cookie: # usual http request msg cookie: # usual http response msg cookie-spectific action usual http request msg cookie: # usual http response msg cookie-spectific action

(16)

Cookie example

telnet www.google.com 80 Trying 216.239.33.99... Connected to www.google.com. Escape character is '^]'. GET /index.html HTTP/1.0 HTTP/1.0 200 OK

Date: Wed, 10 Sep 2003 08:58:55 GMT Set-Cookie:

PREF=ID=43bd8b0f34818b58:TM=1063184203:LM=1063184203:S =DDqPgTb56Za88O2y; expires=Sun, 17-Jan-2038 19:14:07 GMT; path=/; domain=.google.com

. .

(17)

Web Caches (proxy server)

Goal:

satisfy client request without involving origin server

origin server „ user sets browser: Web

accesses via web cache

„ client sends all http requests to web cache

… if object at web cache, web cache immediately returns object in http response

… else requests object from origin server, then returns http response to client client Proxy server client http request http req uest http response http re sponse http req uest http re sponse http request http response origin server

(18)

More about Web caching

„ Cache acts as both client and server

„ Cache can do up-to-date check using

If-modified-since

HTTP header

… Issue: should cache take risk and deliver cached object without checking?

… Heuristics are used.

„ Typically cache is installed by ISP (university,

company, residential ISP)

Why Web caching?

„ Reduce response time for client request.

„ Reduce traffic on an institution’s access link.

„ Internet dense with

caches enables “poor” content providers to

(19)

Note: Meta tags and http-equiv

„ HTTP servers use the property name specified by the

http-equiv attribute to create an [RFC822]-style header in the HTTP response.

„ The following sample META declaration:

<META http-equiv="Expires" content="Tue, 20 Aug 1996 14:25:27 GMT">

will result in the HTTP header:

Expires: Tue, 20 Aug 1996 14:25:27 GMT

This can be used by caches to determine when to fetch a fresh copy of the associated document.

(20)

References

„ V22.0480-001, Sana` Odeh , Computer Science Department, New York University.

„ Representation and Management of Data on the Internet (67633),

Yehoshua Sagiv, The Hebrew University - Institute of Computer Science. „ Java Network Programming and Distributed Computing, Reilly & Reilly. „ Computer Networking: A Top-Down Approach Featuring the Internet,

References

Download now ( PDF - 20 Page - 127.34 KB )

Related documents

UNITED STATES OF AMERICA BEFORE THE FEDERAL TRADE COMMISSION COMPLAINT

EagleView’s complaint touted the close competition between Respondents, alleging, “Xactware has developed a product, known as Aerial Sketch, which enables it to compete directly with

Conflicts of cultural diversity and culture of peace in Latin America

Se describen los conflictos de la diversidad cultural en Latinoamérica desde la compresión tanto de las dinámicas y consecuencias étnico-culturales producidas por los procesos

SYDNEY YOUNG

The comparatively few papers Young published while in Dublin were mainly concerned with the relations shown between the physical con­ stants of chemical series;

Conan RPG - [CN2] Conan, The Mercena

If the six large Bats outside of this chamber enter into combat, one of the four priests in here will know and automatically retreat to the area just outside of the vines in..

Disruption Management in Passenger Railways: Models for Timetable, Rolling Stock and Crew Rescheduling

Thus for these activities, constraint set 2.6 implies that a train can only depart on a track of an open track section if a train has departed on the same track in the same

From HTTP 1.1 tp HTTP 2.0

Bandwidth and Latency Bandwidth In compu)ng, bandwidth is the bit-rate of available or consumed informa)on capacity expressed typically in metric mul)ples of bits per

Dubai Companies 206

Kalandoor Career DMCC Careers Dubai Customs DP World Career Dalkia Dubai Career ADGAS Career Mattex Career [email protected]. Paris Gallery

Universal Cancer Killer.pdf

[r]