
Cookie Classification

BACKGROUND
Cookies are the most widely used mechanism for maintaining state between a web client (i.e., the browser) and a web server on top of a stateless protocol (HTTP, with or without TLS).

In particular, cookies are what allow a client to present its credentials once, at login, and then remain authenticated to the web server across many requests. How?

Assume the client C wants to log in at the server S. C sends S its credentials (typically a username and a password). This should always happen over a secure channel (HTTPS), since otherwise the password crosses the network in the clear. S checks that the credentials are valid, i.e., that the username exists in its back-end and that the password matches the (salted, hashed) verifier stored for that account. If so, S replies with a status code telling C that the request succeeded (e.g., 200 OK). In the same response, S includes a Set-Cookie header carrying a freshly generated, random session identifier, and records in its back-end which client, and which state, that identifier belongs to. When C receives the response, the browser stores the cookie and automatically attaches it, in a Cookie header, to every subsequent HTTP(S) request to S. In this way S recognises C across otherwise independent requests and can restore any state associated with C. Note that the cookie is a bearer credential: whoever presents its value is, as far as S can tell, C. This is why the session identifier must be unpredictable, and why the cookie should be marked Secure (sent only over HTTPS) and HttpOnly (not readable by page scripts).

Without cookies, the client would have to authenticate again on every single HTTP(S) request it sends to the server, which would make browsing painfully slow and annoying.

The figure below illustrates this exchange.
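The exchange described above, modelled in-process as an added example that is not part of the original page: a Browser object plays C, two handler functions play S, and the user table, the credentials, the paths and the request/response dicts are all constructed here for illustration. No network is used. The server side stores only a salted password hash and marks the cookie Secure, HttpOnly and SameSite; those are precautions added in this example, not details the page states.

```python
"""Login followed by cookie-authenticated requests, modelled in-process.

Added example, not code from the original page: the user table, the
credentials, the paths and the request/response dicts are constructed
here for illustration. A Browser object plays C and the two handler
functions play S; nothing touches the network.
"""
import hashlib
import hmac
import os
import secrets
from http.cookies import SimpleCookie

# ---- server side (S) -------------------------------------------------------

def _hash_password(password, salt):
    # S stores a salted PBKDF2 hash of the password, never the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

_SALT = os.urandom(16)
USERS = {"alice": (_SALT, _hash_password("correct horse", _SALT))}  # constructed

# Session store: opaque session id -> server-side state about that client.
SESSIONS = {}

def handle_login(request):
    """POST /login: verify (username, password), then issue a session cookie."""
    username = request["form"].get("username", "")
    password = request["form"].get("password", "")
    record = USERS.get(username)
    if record is None:
        return {"status": 401, "headers": {}, "body": "bad credentials"}
    salt, stored = record
    if not hmac.compare_digest(stored, _hash_password(password, salt)):
        return {"status": 401, "headers": {}, "body": "bad credentials"}
    # Valid: mint an unguessable id, remember who it belongs to, hand it out.
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": username, "cart": []}
    cookie = SimpleCookie()
    cookie["sid"] = sid
    cookie["sid"]["path"] = "/"
    cookie["sid"]["secure"] = True      # only sent over HTTPS
    cookie["sid"]["httponly"] = True    # hidden from document.cookie
    cookie["sid"]["samesite"] = "Lax"   # not attached to cross-site POSTs
    return {"status": 200,
            "headers": {"Set-Cookie": cookie["sid"].OutputString()},
            "body": "ok"}

def handle_request(request):
    """Any later request: the Cookie header alone identifies C."""
    jar = SimpleCookie(request["headers"].get("Cookie", ""))
    morsel = jar.get("sid")
    state = SESSIONS.get(morsel.value) if morsel else None
    if state is None:  # no cookie, or an id S never issued
        return {"status": 401, "headers": {}, "body": "login required"}
    if request["path"] == "/cart/add":
        state["cart"].append(request["form"]["item"])
    return {"status": 200, "headers": {},
            "body": "%s: %s" % (state["user"], state["cart"])}

# ---- client side (C) -------------------------------------------------------

class Browser:
    """Keeps Set-Cookie values and replays them on every later request."""

    def __init__(self):
        self.jar = SimpleCookie()

    def send(self, handler, path, form=None):
        headers = {}
        if self.jar:
            headers["Cookie"] = "; ".join(
                "%s=%s" % (k, m.value) for k, m in self.jar.items())
        response = handler({"path": path, "headers": headers, "form": form or {}})
        if "Set-Cookie" in response["headers"]:
            self.jar.load(response["headers"]["Set-Cookie"])
        return response

def demo():
    """Run the exchange from the text; return the status codes and final body."""
    c = Browser()
    before = c.send(handle_request, "/cart/add", {"item": "book"})  # no cookie yet
    login = c.send(handle_login, "/login",
                   {"username": "alice", "password": "correct horse"})
    after = c.send(handle_request, "/cart/add", {"item": "book"})   # cookie replayed
    return before["status"], login["status"], after["status"], after["body"]

if __name__ == "__main__":
    print(demo())  # (401, 200, 200, "alice: ['book']")
```

The first request is refused because the browser has no cookie yet; after the login response the browser replays the Set-Cookie value on its own, and S restores the state it associated with that identifier. A forged or unknown identifier is treated exactly like a missing one.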

IDEA

RESULTS

