Video Converter
Audio Converter
Image Converter
PDF Converter
File Compressor
cookies and sessions

Cookies and Sessions Thierry Security assumptions You have - PowerPoint PPT Presentation

Feb 03, 2023 •647 likes •784 views

Cookies and Sessions Thierry Security assumptions You have absolutely no control on the client Client Side Server Side Web Server Database Web Browser Cookies The big picture key/value pairs data Client Side Server Side HTTP request

  1. Cookies and Sessions Thierry

  2. Security assumptions You have absolutely no control on the client Client Side Server Side Web Server Database Web Browser

  3. Cookies

  4. The big picture key/value pairs data Client Side Server Side HTTP request HTTP response HTTP request HTTP response Web Browser Web Server

  5. Cookies Cookies are key/value pairs sent back and forth between the browser and the server in HTTP request and response

  6. Anatomy of a Cookie • Text data (Up to 4kb) • May (or may not) have an expiration date • Can be manipulated from the client and the server

  7. Manipulating cookies A cookie can be modified (without any cookie flag set) • on the server side express middleware : cookie • on the client side javascript : Document.cookie

  8. What cookies are useful for? • Shopping cart • Browsing preferences • User authentication • Tracking and advertisement

  9. Sessions

  10. The big picture session id Client Side Server Side HTTP request HTTP response HTTP request HTTP response Web Browser Web Server key/value pairs data

  11. The concept of session • There is a session id (aka token) between the browser and the web application • This session id should be unique and unforgeable (usually a long random number or a hash) • This session id is bind to key/value pairs data

  12. Where sessions values are stored • Session ID is stored in a cookie • Session key/value pairs are stored on the server

  13. Hacking sessions The user can create, modify, delete the session ID in the cookie But cannot access the key/value pairs stored on the server

Recommend

Cookies Cookies HTTP is stateless To "remember" a user we use cookies In a

Cookies Cookies HTTP is stateless To "remember" a user we use cookies In a

Cookies Cookies HTTP is stateless To "remember" a user we use cookies In a response header, we can give the user information as a cookie All subsequent requests will contain these cookies in a header Since cookies work

481 views • 10 slides
Mount Eliza Secondary College Steiner Stream 20 sessions 10 8 sessions 6 sessions 4 sessions

Mount Eliza Secondary College Steiner Stream 20 sessions 10 8 sessions 6 sessions 4 sessions

Mount Eliza Secondary College Steiner Stream 20 sessions 10 8 sessions 6 sessions 4 sessions 2 sessions sessions Main lesson: Maths Ideea Lab Arts Indonesian Health and English electives: Physical education Humanities Performing

3.3k views • 11 slides
Stealing Web Browser Cookies ben-holland.com Whats a cookie? Web 2.0 Cookies provide

Stealing Web Browser Cookies ben-holland.com Whats a cookie? Web 2.0 Cookies provide

Stealing Web Browser Cookies ben-holland.com Whats a cookie? Web 2.0 Cookies provide state Examples: Items in shopping cart AuthenFcaFon! Cookies Passwords! Username + Password = Cookie If I know your authenFcaFon

715 views • 7 slides
SY306 Web and Databases for Cyber Operations Slide Set # 8: Cookies and Web tracking Some from

SY306 Web and Databases for Cyber Operations Slide Set # 8: Cookies and Web tracking Some from

SY306 Web and Databases for Cyber Operations Slide Set # 8: Cookies and Web tracking Some from https://www.httpwatch.com/httpgallery/cookies/ and https://www.httpwatch.com/httpgallery/headers/ HTTP client-server interaction review 1 Cookies

183 views • 4 slides
IT350 Web and Internet Programming Cookies: JavaScript and Perl (Some from Chapter 11.9 -4 th

IT350 Web and Internet Programming Cookies: JavaScript and Perl (Some from Chapter 11.9 -4 th

IT350 Web and Internet Programming Cookies: JavaScript and Perl (Some from Chapter 11.9 -4 th edition and online Perl Chapter of textbook) Cookies Example 1 JavaScript: Using Cookies Cookie Data stored on _____________ to maintain

263 views • 9 slides
PEXit PRIVACY and COOKIES POLICY This PRIVACY and COOKIES POLICY conveys how PEXit collects, uses,

PEXit PRIVACY and COOKIES POLICY This PRIVACY and COOKIES POLICY conveys how PEXit collects, uses,

PEXit PRIVACY and COOKIES POLICY This PRIVACY and COOKIES POLICY conveys how PEXit collects, uses, shares, stores and manages your information. We have built our business based on (a) our integrity, (b) our sincere effort to meet your

207 views • 3 slides
Cookies & Milk ...Soda? Matthew Lau Professor Imielinski March 28, 2017 Data 101 WALMART

Cookies & Milk ...Soda? Matthew Lau Professor Imielinski March 28, 2017 Data 101 WALMART

EAT COOKIES Cookies & Milk ...Soda? Matthew Lau Professor Imielinski March 28, 2017 Data 101 WALMART Assignment You might think Cookies and Milk are bought together... You would be wrong. There are no specific associations between

660 views • 9 slides
COOKIES How can apps maintain user state? Cookies! small bits of data downloaded to your

COOKIES How can apps maintain user state? Cookies! small bits of data downloaded to your

CS 498RK FALL 2017 COOKIES How can apps maintain user state? Cookies! small bits of data downloaded to your computer so that a site can remember you and what you did on subsequent visits Browser Server first request http:/

477 views • 23 slides
Should Internet Cookies Be Further Regulated by the Government? Research Presentation by

Should Internet Cookies Be Further Regulated by the Government? Research Presentation by

Should Internet Cookies Be Further Regulated by the Government? Research Presentation by Kaitlin Burdick Overview Background Arguments For the Regulation of Cookies Arguments Against the Regulation of Cookies Conclusion

320 views • 13 slides
Eventful Sessions: Eventful Sessions: Types, Programming and Bisimilarity Raymond Hu, Dimitrios

Eventful Sessions: Eventful Sessions: Types, Programming and Bisimilarity Raymond Hu, Dimitrios

Eventful Sessions: Eventful Sessions: Types, Programming and Bisimilarity Raymond Hu, Dimitrios Kouzapas, Olivier Pernet, Nobuko Yoshida Kohei Honda Type safe Eventful Sessions in Java Type safe Eventful Sessions in Java Combine session

1.24k views • 47 slides
Table of Contents September 12 Opening Plenary Session 7 Breakout Sessions 1 7-8 Breakout

Table of Contents September 12 Opening Plenary Session 7 Breakout Sessions 1 7-8 Breakout

Table of Contents September 12 Opening Plenary Session 7 Breakout Sessions 1 7-8 Breakout Sessions 2 9 Breakout Sessions 3 10 Reception 11 September 13 Invited Speaker - Mike Schmoker 12 Breakout Sessions 1 12-13 Breakout Sessions 2

597 views • 20 slides
Java Programming Unit 15 HTTP Sessions and cookies Java

Java Programming Unit 15 HTTP Sessions and cookies Java

Java Programming Unit 15 HTTP Sessions and cookies Java Server Pages (c) Yakov Fain 2014 Synchronous and Asynchronous Servlets Java Servlets run

1.41k views • 32 slides
Chapter 12 COOKIES AND SESSIONS INTRO Unlike the unified single process that is the typical

Chapter 12 COOKIES AND SESSIONS INTRO Unlike the unified single process that is the typical

Chapter 12 COOKIES AND SESSIONS INTRO Unlike the unified single process that is the typical desktop application, a web application consists of a series of disconnected HTTP requests to a web server where each request for a server page is

663 views • 45 slides
Objectives Review Servlets Deployment Configuration Sessions, Cookies Handling

Objectives Review Servlets Deployment Configuration Sessions, Cookies Handling

Objectives Review Servlets Deployment Configuration Sessions, Cookies Handling multiple requests Apr 29, 2019 Sprenkle - CS335 1 Servlets Review What application do we need to execute servlets? What class do all web

335 views • 29 slides
CSE 154 LECTURE 22: SESSIONS Expiration / persistent cookies setcookie("name",

CSE 154 LECTURE 22: SESSIONS Expiration / persistent cookies setcookie("name",

CSE 154 LECTURE 22: SESSIONS Expiration / persistent cookies setcookie("name", "value", expiration); PHP $expireTime = time() + 60*60*24*7; # 1 week from now setcookie("CouponNumber", "389752",

309 views • 10 slides
Cookies: JavaScript and Perl (Some from Chapter 11.9 and online Perl Chapter of textbook) 11.9

Cookies: JavaScript and Perl (Some from Chapter 11.9 and online Perl Chapter of textbook) 11.9

IT350 Web and Internet Programming Cookies: JavaScript and Perl (Some from Chapter 11.9 and online Perl Chapter of textbook) 11.9 JavaScript: Using Cookies Cookie Data stored on _____________ to maintain information about client during

769 views • 6 slides
Outline The web from a security perspective (contd) SQL injection CSci 5271 Announcements

Outline The web from a security perspective (contd) SQL injection CSci 5271 Announcements

Outline The web from a security perspective (contd) SQL injection CSci 5271 Announcements intermission Introduction to Computer Security Web security, combined slides Web authentication failures Cross-site scripting Stephen McCamant

336 views • 9 slides
Cookie Calculator Repetition Hans-Joachim Bckenhauer and Dennis Komm Digital Medicine I:

Cookie Calculator Repetition Hans-Joachim Bckenhauer and Dennis Komm Digital Medicine I:

Cookie Calculator Repetition Hans-Joachim Bckenhauer and Dennis Komm Digital Medicine I: Introduction to Programming Local variables, scopes, and complexity Autumn 2019 October 31, 2019 Example Cookie Calculator Cookie Calculator

685 views • 13 slides
Web Application Security Attacks on the Web Attacker Web User Application Web Database Web

Web Application Security Attacks on the Web Attacker Web User Application Web Database Web

IN3210 Network Security Web Application Security Attacks on the Web Attacker Web User Application Web Database Web Server Application 2 The OWASP Foundation The Open Web Application Security Project (OWASP) is a 501(c)(3)

1.22k views • 60 slides
Neutral Net Neutrality Expressing User Preferences with Network Cookies Yiannis Yiakoumis,

Neutral Net Neutrality Expressing User Preferences with Network Cookies Yiannis Yiakoumis,

Neutral Net Neutrality Expressing User Preferences with Network Cookies Yiannis Yiakoumis, Sachin Katti, Nick McKeown Stanford University Who controls your network access? 2 Who controls your network access? 3 Who controls your network

768 views • 48 slides
Deemon: Detecting CSRF with Dynamic Analysis and Property Graphs G. Pellegrino , M. Johns, S.

Deemon: Detecting CSRF with Dynamic Analysis and Property Graphs G. Pellegrino , M. Johns, S.

Deemon: Detecting CSRF with Dynamic Analysis and Property Graphs G. Pellegrino , M. Johns, S. Koch, M. Backes, C. Rossow gpellegrino@cispa.saarland ACM CCS 2017 Nov 2 nd , Dallas, USA U WONT BELIEVE WHAT DIS CAT IS DOIN !!!1! <img

981 views • 16 slides
COOKIES Ho w ca n ap ps maintai n use r stat e ? Cookie s ! small bits of data downloaded to your

COOKIES Ho w ca n ap ps maintai n use r stat e ? Cookie s ! small bits of data downloaded to your

CS 498RK SPRING 2020 COOKIES Ho w ca n ap ps maintai n use r stat e ? Cookie s ! small bits of data downloaded to your computer so that a site can remember you and what you did on subsequent visits Bro w se r Serve r first request

344 views • 23 slides
Melting Pot of Origins: Compromising the Intermediary Web Services that Rehost Websites Takuya

Melting Pot of Origins: Compromising the Intermediary Web Services that Rehost Websites Takuya

Melting Pot of Origins: Compromising the Intermediary Web Services that Rehost Websites Takuya Watanabe, Eitaro Shioji, Mitsuaki Akiyama, Tatsuya Mori NTT Secure Platform Laboratories, Waseda University, NICT, RIKEN API NDSS Symposium 24 th

770 views • 46 slides
Security ty, P Privacy cy, & & Us User E Expect ectati tion ons: Case Studies in

Security ty, P Privacy cy, & & Us User E Expect ectati tion ons: Case Studies in

Security ty, P Privacy cy, & & Us User E Expect ectati tion ons: Case Studies in Web Tracking and Application Permissions Franzi ziska Roesner er Assistant Professor Computer Science & Engineering University of Washington

711 views • 52 slides

More recommend

Explore More Topics

Stay informed with curated content and fresh updates.

animals pets art culture automotive transportation business finance computer internet construction architecture education-career electronics communication

Logo Sambuz

Unleash a World of Digital Possibilities—Browse, Share, and Explore Content Without Boundaries

Useful Links

About Us Privacy Services FAQ's Contact

Newsletter

Stay Informed & Inspired—Subscribe for the Latest Updates, Tips, and Exclusive Content Directly to Your Inbox.

Mail Us

mail@sambuz.com

2026 SAMBUZ, All right reserved.