SE452: Cookies [3/16]

Defined in RFC 2109

A cookie is basically a small piece of information stored by a web browser on the local client.

Browsers are expected to only support 20 cookies per Web server, 300 total, and can be limited to 4kb each

Cookies are returned to the server as HTTP request headers

Cookies are used on the web for a number of purposes:

• Tracking Sessions
• Targeting advertising
• Tracking usage
• Personilization

If used properly, not a security risk

Problems with Cookies:

• A user can turn them off
• A user (or a browser) could delete cookies
• They can violate privacy (embedded images)
• If used improperly, a security risk

As a developer, you cannot depend on them completely