Cookies...
• What they are...
• What they do...
• Why we use them...

Cookies are...
• A small amount of text
• A web site leaves on your computer
• So that it can recognize you
• When you come back to the same site.
• A cookie contains personalized user data or information that is used to communicate between different web pages.
• That's about it…
• But, there is more…

Only one site can read the cookie it left on your computer. This means that other sites cannot "steal" cookies left by that site.

More About Cookies…
• Cookies are not a virus.
• Cookies are just text.
• Cookies are not executable
• And therefore cannot spread a virus

How many cookies?
• Limitations per site.
• Maximum of 4K
• Text only
• Maximum of 20 cookies per domain.
• This makes it difficult for any one site to use up all of your hard drive space.

What is Inside a Cookie…
• Cookies are stored as:
• Name – Value Pairs, meaning a variable and a value assigned to it: Response.Cookies("variable") = "value"
• Cookies also contain (by default):
• When it was sent (date)
• Who sent it.

How are cookies stored?
• Let's take the example of a cookie written by rediff.com in the Mozilla Firefox browser:
• Site: Rediff.com, Cookie name: RMID
    Name: RMID (Name of the cookie)
    Content: 1d11c8ec44bf49e0… (Encrypted content)
    Domain: .rediff.com
    Path: / (Any path after the domain name)
    Send For: Any type of connection
    Expires: Thursday, December 31, 2020 11:59:59 PM

Applications where cookies can be used...
• To implement a shopping cart.
• Personalized sites.
• User tracking.
• Marketing.
• User session.

Drawbacks of cookies...
• Cookies are stored on the user's computer without their knowledge.
• Too many cookies.
• Security issue.
• Sensitive information.

Points to check for cookies (Test cases)
• No personal or sensitive data is stored.
• Data is stored in encrypted format.
• Disable cookies.
• Accept/reject some cookies.
• Delete cookies.
• Corrupt the cookie.
• Check the deletion of cookies from your web application page.
• Cookie testing on multiple browsers.
• Cookies to maintain the login state of any user.
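
Several of the checks above can be automated. The following is an added example, not part of the original slides: it parses `Set-Cookie` header values into the fields shown in the Firefox listing and flags cookies that exceed the limits quoted earlier or carry readable personal data. The sample headers, the `example.test` domain, the name/value heuristics, and the check on the "Send For" field are assumptions of this example.

```python
import re
from http.cookies import SimpleCookie

MAX_COOKIE_BYTES = 4096       # "Maximum of 4K" from the slides
MAX_COOKIES_PER_DOMAIN = 20   # "Maximum of 20 cookies per domain"
# Heuristics assumed for this example: what counts as readable personal data.
SENSITIVE_NAME = re.compile(r"pass|pwd|email|card", re.I)
EMAIL_VALUE = re.compile(r"[^@\s]+@[^@\s]+\.[a-z]{2,}", re.I)

# Constructed sample headers (not captured from any real site).
SAMPLE_HEADERS = [
    "sid=9f2c1a7e44; Domain=.example.test; Path=/; Secure",
    "user_email=alice@example.test; Domain=.example.test; Path=/; "
    "Expires=Thu, 31 Dec 2020 23:59:59 GMT",
]

def describe(header):
    """Parse one Set-Cookie value into the fields a browser cookie viewer lists."""
    jar = SimpleCookie()
    jar.load(header)
    if not jar:  # a corrupted cookie parses to nothing
        raise ValueError("unparseable cookie: %r" % header)
    name, morsel = next(iter(jar.items()))
    return {
        "Name": name,
        "Content": morsel.value,
        "Domain": morsel["domain"],
        "Path": morsel["path"] or "/",
        "Send For": "Encrypted connections only" if morsel["secure"]
                    else "Any type of connection",
        "Expires": morsel["expires"] or "At end of session",
    }

def audit(headers):
    """Return (subject, finding) pairs for the checks listed in the slides."""
    findings, per_domain = [], {}
    for header in headers:
        c = describe(header)
        per_domain[c["Domain"]] = per_domain.get(c["Domain"], 0) + 1
        if len(header.encode()) > MAX_COOKIE_BYTES:
            findings.append((c["Name"], "larger than 4K"))
        if SENSITIVE_NAME.search(c["Name"]) or EMAIL_VALUE.search(c["Content"]):
            findings.append((c["Name"], "personal data in readable form"))
        if c["Send For"] == "Any type of connection":
            findings.append((c["Name"], "sent over any type of connection"))
    findings += [(d, "more than 20 cookies for this domain")
                 for d, n in per_domain.items() if n > MAX_COOKIES_PER_DOMAIN]
    return findings
```

Calling `audit(SAMPLE_HEADERS)` reports the `user_email` cookie twice: once for readable personal data and once because it is sent over any type of connection.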