Cookies and Sessions Flashcards


Flashcards in Cookies and Sessions Deck (17)
1
Q

characteristics of cookies

A

A small package of information sent by a server to a browser, and then sent back by the browser on future page requests.

A cookie’s data consists of a single name/value pair, sent in the header of the client’s HTTP GET or POST request.

can only be associated with one domain

2
Q

what are the uses of cookies

A
  • authentication
  • user tracking
  • maintaining user preferences, shopping carts, …
3
Q

how are cookies sent

A
  • when the browser requests a page, the server may send back a cookie(s) with it
  • if your server has previously sent any cookies to the browser, the browser will send them back on subsequent requests
  • alternate model: client-side JavaScript code can set/get cookies
4
Q

how do tracking cookies work

and how can users block them

A
  • an advertising company can put a cookie on your machine when you visit one site, and see it when you visit another site that also uses that advertising company
  • therefore they can tell that the same person (you) visited both sites
  • not accepting “third-party cookies” (browser setting) thwarts this
5
Q

session cookie vs. persistent cookie

(storage location, deletion process, security)

A

session cookie: the default type; a temporary cookie that is stored only in the browser’s memory

  • when the browser is closed, temporary cookies will be erased
  • safer, because no programs other than the browser can access them

persistent cookie: one that is stored as a file on the browser’s computer

  • can track long-term information
  • less secure; users/programs can open cookie files, see/change the cookie values, etc.
6
Q

Setting Expiration / Persistent Cookies

A
  • expiration date set -> persistent cookie (in seconds, relative to current timestamp)
  • no expiration date set -> session cookie; expires when browser is closed
  • time function returns the current time in seconds
  • date function can convert a time in seconds to a readable date
7
Q

how to retrieve information from a cookie

A

from the $_COOKIE associative array

  • use isset function to see whether a given cookie name exists
8
Q

how to delete a cookie

A

PHP: setcookie("name", FALSE);

or

set a negative expiration date (before the present time):

setcookie("count", 21, time() - 1);

9
Q

With how many domains can a cookie be associated?

A

one domain (e.g. www.example.com)

10
Q

what is the effect of the cookie attribute Secure and HttpOnly

A

Secure - ensures the cookie is only sent when using HTTPS

HttpOnly - ensures the cookie is only sent in HTTP/HTTPS requests and is not accessible to client-side JavaScript; this helps mitigate script-based attacks on the cookie

11
Q

define a session and why are they used

A

a series of HTTP requests and responses between a specific web browser and server

used when a process between the browser and the server requires multiple communications

because HTTP is stateless (it cannot remember what came before or after a request), sessions are used; sessions can be hijacked

12
Q

sessions vs. cookies

A

sessions end when user logs out or closes browser; cookies may persist

sessions stored on server (only 1 session per client); cookies store data on the user’s browser

sessions are difficult to hack; cookies are easy

sessions protect private information from being seen by other users on your computer; cookies do not

sessions are often built on top of cookies:

  • the only data the client stores is a cookie holding a unique session ID
  • on each page request, the client sends its session ID cookie, and the server uses this to find and retrieve the client’s session data
13
Q

how is a session established

A
  1. client contacts server
  2. server notes client’s IP address/browser, stores some local session data
  3. server sends a session ID back to client (as a cookie)
  4. client sends that same session ID (cookie) back to server on future requests
  5. server uses session ID cookie to retrieve its data for the client’s session later
14
Q

how to start a session in PHP

A

session_start() signifies that your script wants a session with the user

15
Q

how to access session data

A

using the $_SESSION associative array

16
Q

how to end a current session

A

session_destroy();

17
Q

when do sessions end and what are issues with such timeout

A
  • because HTTP (not HTML!) is stateless, the server may not know when a user has finished a session
  • ideally, user explicitly logs out, but many users don’t
  • client deletes session cookies when browser closes
  • server automatically cleans up old sessions after a period of time
  • old session data consumes resources and increases security risks