Cookies and their programming
The name of this small file, which a site stores on each visitor's computer to hold data that it can read back later, comes from "magic cookie", a Unix term for a packet of data passed between programs.
It may be called simply a cookie, or a browser, computer, tracking, Internet or HTTP cookie.
Its contents are a list of name = value pairs. It is not intended to host executable code on a client computer, but can be used to spy on a user by misusing recorded data, including to find out which sites they visit.
Cookies date back to 1994 and the Netscape browser (Mosaic Netscape 0.9 of 13.10.1994). The standard specification for HTTP was defined by the IETF in 1997 (see references).
Cookie anatomy
The maximum size of a cookie is 4 KB. The maximum number depends on the browser: it is 50 per domain for IE and Firefox, and only 300 per computer.
Names are case-insensitive.
The lifetime may be limited to the session, to a number of days, or be unlimited. You can configure your browser to delete cookies at the end of the session or to refuse them altogether.
If a date is specified, the cookie is erased on that date; otherwise it is erased at the end of the session. The browser can extend the validity period every time you visit the site.
They are stored in several files (IE), a single text file (Firefox) or an encrypted file (Opera, Safari).
Information that is often placed in cookies:
- Service User ID.
- Login and password for the site.
- Display settings. For example, for Google, the number of sites on the results page.
- Shopping cart on an online sales site.
- Pages visited and in what order.
DoubleClick's and AdSense's DART cookies are used by advertisers to analyze ad usage. When you visit a site that hosts ads from these ad networks, or from other networks affiliated with them, the network checks for its cookies and creates them if they don't already exist.
User has control over cookies
You can configure your browser to prevent cookies from being created. But this has drawbacks: most services that require registration insist on creating a cookie, which can be used to pass data between programs. Worse, when cookies are disabled, most sites refuse registration without any explanation.
The preferred option is to accept session-only cookies. Cookies can also be blocked except on sites you choose to allow; you then need to remember to create an exception every time you want to register with the services of a new site.
Except in older versions, browsers by default only read the cookies of the site being visited. However, they can be configured to accept third-party cookies. This is mainly used by advertising sites.
One limitation for a webmaster is that if a user uses several browsers, each browser has its own cookie store and is treated as a different user.
As for DoubleClick's DART cookies, given the large number of sites using this ad network, these cookies will almost always be present. DoubleClick offers an opt-out cookie that removes tracking in its other cookies.
Cookies and security
Even though cookies contain only data and browsers prohibit their use by third-party sites (which would otherwise allow a pirate site to obtain authentication data for other sites), they are still a source of insecurity.
Network hacking
Hackers can capture cookies while they travel over a network such as Wi-Fi. Using the https protocol prevents this risk. The protocol should be used when cookies are created, not only for the other communications.
Malicious code
It is also possible for code embedded in web pages to receive cookies from third-party sites, even if the browser prohibits it.
Hackers can reuse the site's JavaScript or PHP code to recover data about site users.
This can be prevented by blocking "cross-site scripting", the ability to inject scripts through URLs. To do this, the parameters received by scripts are validated. For example:
$r = '/^\w{1,40}\z/'; // PCRE delimiters are required; \z, unlike $, rejects a trailing newline
if (preg_match($r, $param) !== 1) die("Hacking!");
Only alphanumeric characters and the underscore are accepted here. An article from Microsoft details how to prevent cross-site scripting.
Data change
Storing a session ID in the cookie instead of the data itself prevents attacks that work by modifying the cookie sent by the server.
The data is kept on the server and associated with a session ID, and only that ID is stored on the user's side.
This measure is suitable for sites that fear data manipulation, such as shopping sites that automatically process orders and amounts due.
The minimum protection for an Internet user is to use the latest browser. In particular, IE 6 must be replaced.
Cookie programming
A cookie is created through an HTTP header. Cookies are created by a browser, a JavaScript program, or a script on a server, in particular PHP.
A cookie is a set of name=value pairs separated by semicolons. For example:
name=nomducookie; expires=date; domain=.iqlevsha.ru; path=/;
path - the relative path on the site of the page for which the cookie is being created.
expires specifies an expiration date in the format: Wdy, DD-Mon-YYYY HH:MM:SS GMT.
Example expiration date:
Tue, 01-Jan-2009 12:40:10 GMT
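A parser for the cookie string format shown above, as an added example that is not code from the original page; the function names and the date in the sample string are constructed for the illustration. It reads attribute names case-insensitively and classifies the cookie as session, persistent or expired.

```javascript
const MONTHS = ["jan", "feb", "mar", "apr", "may", "jun",
                "jul", "aug", "sep", "oct", "nov", "dec"];

// Parse "Wdy, DD-Mon-YYYY HH:MM:SS GMT" into epoch milliseconds, or null.
// The weekday is not checked; only the date and time fields are used.
function parseExpires(text) {
  const m = /(\d{1,2})-([A-Za-z]{3})-(\d{4}) (\d{2}):(\d{2}):(\d{2}) GMT$/.exec(text);
  if (!m) return null;
  const month = MONTHS.indexOf(m[2].toLowerCase());
  if (month < 0) return null;
  if (+m[1] < 1 || +m[1] > 31 || +m[4] > 23 || +m[5] > 59 || +m[6] > 59) return null;
  return Date.UTC(+m[3], month, +m[1], +m[4], +m[5], +m[6]);
}

// Split "name=value; attr=value; flag;" into the cookie pair and its attributes.
function parseCookieString(text) {
  const parts = text.split(";").map((p) => p.trim()).filter((p) => p !== "");
  if (parts.length === 0) return null;
  const first = parts.shift();
  const eq = first.indexOf("=");
  if (eq < 1) return null; // a cookie needs a non-empty name
  const attrs = new Map(); // keys lower-cased; value-less flags map to true
  for (const p of parts) {
    const i = p.indexOf("=");
    const key = (i < 0 ? p : p.slice(0, i)).trim().toLowerCase();
    attrs.set(key, i < 0 ? true : p.slice(i + 1).trim());
  }
  return { name: first.slice(0, eq).trim(), value: first.slice(eq + 1).trim(), attrs };
}

// "session" when there is no usable expiry date, else "expired" or "persistent".
function lifetime(cookie, nowMs) {
  const raw = cookie.attrs.get("expires");
  const when = typeof raw === "string" ? parseExpires(raw) : null;
  if (when === null) return "session";
  return when <= nowMs ? "expired" : "persistent";
}

// Constructed sample in the page's format (the date is made up).
const SAMPLE =
  "name=nomducookie; Expires=Wed, 01-Jan-2031 12:40:10 GMT; domain=.iqlevsha.ru; path=/;";
```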
Create a cookie in PHP
setcookie("name1", "valeur1", time() + 1200);
One or more cookies can be created this way, each consisting of a name, an optional value, an expiration date and other parameters (see the PHP manual).
If the value is omitted, the name is removed from the list on the user's computer.
View cookies in PHP
To view all cookies:
echo htmlspecialchars(print_r($_COOKIE, true)); // escape: cookie contents are client-controlled
To view the contents of a cookie named x:
echo htmlspecialchars($_COOKIE["x"] ?? ""); // escape the value and tolerate a missing cookie
Create a cookie in JavaScript
document.cookie = "nom" + "=" + encodeURIComponent("valeur") + ";"; // escape() is deprecated
You can build a string of name=value pairs separated by semicolons and assign the entire string.
View cookies in JavaScript
document.write(document.cookie);
Demonstration of reading cookies in PHP and JavaScript
In PHP:
Array ()
PHP source code:
<p>
<?php echo htmlspecialchars(print_r($_COOKIE, true)); // escape: cookie contents are client-controlled ?>
</p>
In JavaScript:
JavaScript source code:
<p>
<script type="text/javascript">
if (document.cookie === "") // document.cookie is an empty string, never null, when no cookie is set
{
document.write("No cookie<br>");
}
var str = String(document.cookie);
document.write(str + "<br>");
</script>
</p>