
HTTP Cookies



  1. HTTP Cookies

  2. User-server state: cookies
     Many major Web sites use cookies.
     Four components:
     1) cookie header line of HTTP response message
     2) cookie header line in HTTP request message
     3) cookie file kept on user’s host, managed by user’s browser
     4) back-end database at Web site
     Example:
     • Susan always accesses the Internet from her PC
     • she visits a specific e-commerce site for the first time
     • when the initial HTTP request arrives at the site, the site creates:
       • a unique ID
       • an entry in the backend database for that ID
     CPSC 441 - Application Layer

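  3. Cookies: keeping “state” (cont.)
     [Diagram: message exchange between the client (with its cookie file) and the server (with its backend database)]
     • client cookie file initially holds: ebay 8734
     • client → server: usual http request msg
     • server: Amazon server creates ID 1678 for user and creates an entry in the backend database
     • server → client: usual http response with Set-cookie: 1678
     • client cookie file now holds: ebay 8734, amazon 1678
     • client → server: usual http request msg with cookie: 1678
     • server: cookie-specific action, accessing the backend database
     • server → client: usual http response msg
     • one week later: client → server: usual http request msg with cookie: 1678; the server performs a cookie-specific action (accessing the backend database) and returns the usual http response msg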

  4. Cookies (continued)
     What cookies can bring:
     • authorization
     • shopping carts
     • recommendations
     • user session state (Web e-mail)
     Aside:
     • Cookies and privacy:
       • cookies permit sites to learn a lot about you
       • you may supply name and e-mail to sites
     • How to keep “state”:
       • protocol endpoints: maintain state at sender/receiver over multiple transactions
       • cookies: http messages carry state

  5. The Telnet Protocol

  6. Telnet
     • Developed in 1969 (RFC 15), later extended in RFC 854
     • A generic method for remotely accessing machines
     • Client-server paradigm, bi-directional communication
     • Connection oriented (TCP based)
     • Telnet service (telnetd) uses port 23

  7. The Telnet protocol
     • Exchanges 8-bit bytes
     • MSB 0 signifies that the next 7 bits are ASCII
     • MSB 1 is used to indicate a special protocol character

  8. Telnet Communication Model
     • Client process captures user input, sent over network to server
     • Server receives remote input, sends to operating system
     • Operating system response captured by server, sent over network to client
     • Client receives remote response, outputs to user
     • Every character is sent as a standalone packet!

  9. Telnet Security Problems
     • Telnet sends everything in plaintext
     • No authentication mechanism
     • Telnet server has many vulnerabilities and exploits
     • Telnet has since been superseded by the SSH protocol
     • Secure Shell (SSH) provides both:
       • encryption
       • authentication

  10. Telnet applications
      • Telnet is a generic TCP client.
      • Sends user input directly to the TCP socket.
      • Outputs anything received from the TCP socket.
      • Can be used to troubleshoot and “talk” directly to network “ASCII based” services
      • E.g. can be used to communicate with:
        • Web servers
        • SMTP servers

  11. Trying out HTTP (client side) for yourself
      1. Telnet to your favorite Web server:
             telnet cis.poly.edu 80
         Opens a TCP connection to port 80 (default HTTP server port) at cis.poly.edu. Anything typed in is sent to port 80 at cis.poly.edu.
      2. Type in a GET HTTP request:
             GET /~ross/ HTTP/1.1
             Host: cis.poly.edu
         By typing this in (hit carriage return twice), you send this minimal (but complete) GET request to the HTTP server.
      3. Look at the response message sent by the HTTP server!

  12. Try SMTP interaction for yourself:
      • telnet servername 25
      • see 220 reply from server
      • enter HELO, MAIL FROM, RCPT TO, DATA, QUIT commands
      The above lets you send email without using an email client (reader).
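
Slides 7 to 9 state that bytes with the high bit set carry protocol control, that every character travels in its own packet, and that Telnet sends everything in plaintext. The following added example (not part of the slides) goes beyond the slide's summary and uses the RFC 854 framing, where byte 255 (IAC) introduces each command, to split a constructed client-to-server capture into negotiation commands and user data. The class name, the segment contents and the placeholder password are assumptions made for illustration.

```python
IAC, SB, SE = 255, 250, 240                      # RFC 854 command codes
NEGOTIATE = {251: "WILL", 252: "WONT", 253: "DO", 254: "DONT"}

class TelnetSplitter:
    """Separates Telnet protocol commands from user data across TCP segments."""
    def __init__(self):
        self.state, self.verb = "data", None     # data | iac | opt | sb | sb_iac
        self.sub, self.data, self.commands = bytearray(), bytearray(), []

    def feed(self, segment):
        for b in segment:
            s = self.state
            if s == "data" and b != IAC:
                self.data.append(b)              # user data, sent unencrypted
            elif s == "data":
                self.state = "iac"               # a command may span segments
            elif s == "iac" and b in NEGOTIATE:
                self.verb, self.state = NEGOTIATE[b], "opt"
            elif s == "iac" and b == SB:
                self.sub, self.state = bytearray(), "sb"
            elif s == "iac":
                # IAC IAC is an escaped 0xFF data byte; anything else here
                # is a two-byte command (NOP, GA, ...)
                if b == IAC:
                    self.data.append(b)
                else:
                    self.commands.append(("CMD", b))
                self.state = "data"
            elif s == "opt":
                self.commands.append((self.verb, b))
                self.state = "data"
            elif s == "sb" and b == IAC:
                self.state = "sb_iac"
            elif s == "sb_iac" and b == SE:
                self.commands.append(("SB", bytes(self.sub)))
                self.state = "data"
            else:                                # payload byte inside SB ... IAC SE
                self.sub.append(b)
                self.state = "sb"

# Constructed capture, one entry per TCP segment (option 24 = terminal type, 1 = echo).
SEGMENTS = [b"\xff\xfb\x18", b"\xff", b"\xfd\x01", b"s", b"u", b"s", b"a", b"n",
            b"\r\n", b"\xff\xfa\x18\x00xterm\xff\xf0", b"EXAMPLE-PASSWORD\r\n"]

def split_capture(segments):
    """Returns (commands, user_data) for a list of captured segments."""
    splitter = TelnetSplitter()
    for seg in segments:
        splitter.feed(seg)
    return splitter.commands, bytes(splitter.data)
```

Everything returned as user data, including the password line, is readable by any device on the path, which is the gap the slides say SSH closes with encryption and authentication.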
