2.7.4. Cookie
2.7.4.1. Introduction
A cookie (plural: cookies) is a "small text file": data that some websites store on the user's local terminal in order to identify the user.
2.7.4.2. Properties
2.7.4.2.1. name
The name of the cookie.
2.7.4.2.2. value
The value of the cookie.
2.7.4.2.3. expires
When the Expires attribute is left at its default (not set), the cookie is a session cookie, which expires when the user closes the browser.
2.7.4.2.4. max-age
max-age can be positive, negative, or 0. If max-age is positive, the browser persists the cookie. If max-age is negative, the cookie is only a session cookie. If max-age is 0, the cookie is deleted immediately. When both Expires and max-age exist, max-age takes precedence.
2.7.4.2.5. domain
Specifies the domain name of the cookie; the default is the current domain name. When a site sets the domain, it can set it to its own domain or to a parent domain. A child domain can access the cookies of its parent domain, but not vice versa.
2.7.4.2.6. path
Specifies a URL path, which must appear in the path of the requested resource before the corresponding cookie is sent.
2.7.4.2.7. secure
The cookie can only be transmitted via HTTPS.
2.7.4.2.8. httponly
Restricts the cookie to being read only during HTTP transmission, not from script, which prevents XSS attacks to a certain extent.
2.7.4.2.9. SameSite
SameSite supports three values: Strict, Lax, and None. Strict is the strictest: it completely bans third-party cookies and never sends the cookie on a cross-site request. Lax allows some third-party requests to carry cookies, mainly in three cases: links, preloads, and GET forms. When the SameSite property of the cookie is None and Secure is set, the cookie is sent regardless of whether the request is cross-site.
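The attributes above can be checked mechanically on a response's Set-Cookie header. The following is an added example, not part of the original page: the function names, finding messages and sample headers are constructed for illustration.

```python
def parse_set_cookie(header):
    """Split a Set-Cookie value into (name, value, attrs); attribute names are lowercased."""
    first, *rest = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def lifetime_source(attrs):
    """max-age takes precedence over expires; with neither set it is a session cookie."""
    if "max-age" in attrs:
        return "max-age"
    return "expires" if "expires" in attrs else "session"


def audit(header):
    """Return a list of findings for one Set-Cookie header value."""
    _, _, attrs = parse_set_cookie(header)
    findings = []
    if "secure" not in attrs:
        findings.append("no Secure: cookie may travel over plain HTTP")
    if "httponly" not in attrs:
        findings.append("no HttpOnly: cookie is readable from script")
    samesite = attrs.get("samesite", "").lower()
    if samesite not in ("strict", "lax", "none"):
        findings.append("no valid SameSite value")
    elif samesite == "none" and "secure" not in attrs:
        findings.append("SameSite=None without Secure")
    if "domain" in attrs:
        parent = attrs["domain"].lstrip(".")
        findings.append("Domain set: child domains of %s can access it" % parent)
    return findings


# Constructed sample headers (not taken from any real site).
HARDENED = "sid=abc123; Path=/; Secure; HttpOnly; SameSite=Strict"
WEAK = ("sid=abc123; Domain=example.com; Max-Age=3600; "
        "Expires=Wed, 21 Oct 2026 07:28:00 GMT; SameSite=None")

if __name__ == "__main__":
    for header in (HARDENED, WEAK):
        print(header)
        print("  lifetime set by:", lifetime_source(parse_set_cookie(header)[2]))
        for finding in audit(header) or ["no findings"]:
            print("  -", finding)
```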