The Secret Life of Browser Cookies

The function of a browser cookie is to identify and remember things about you as you move through your web sessions. Logically speaking, all cookies are essentially text files that hold vital information about an established session. The World Wide Web is in and of itself one of the most innovative technologies to date, yet it rests on a brittle foundation, littered with specifications to reinforce it.

Properties of a Cookie

Cookies are scoped to the domain that sent the request for a “Set-Cookie” response. So if I were to send a request from with HTTP headers of Domain and Path to the backend server I would get a Set-Cookie response for * The cookie is then resent for all the domains that match * while pages are requested.

OWASP Cookie Session Image

Breaches that resulted in broken cookie authentication

Symbiotic relationship between Same Origin Policy and Cookies

Outside of sniffing unencrypted traffic, the Same Origin Policy is what keeps code from sending data to different origins, but as we have seen with these breaches, there are many ways around it. Without the almighty law of SOP the web would certainly be a much different place…

Establishment of Session

Cookie Jar and Idleness

Cookies that have a long shelf life sit idle in your cookie jar, waiting. Most cookies nowadays take the form of tracking cookies, whose data is used across websites to identify you as an individual and your browsing habits. The same mechanisms are used to establish a “session” as a user, but many are established across multiple websites, and most sites will check whether their cookies are already present in your requests. The site will then record data, update your cookie, or add another one.

The many cookies that Facebook establishes

Cookie End of Life

All cookies have a shelf life. This is due to the Expires header: once a cookie reaches its date of expiry, your browser initiates garbage collection of expired cookies when further requests are made. Yes, this is quite sad, but the cycle of life continues: as soon as a cookie dies, many more will be born.
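
The scoping rules from "Properties of a Cookie" and the expiry rule above, as an added example (not code from the original article): a simplified RFC 6265 check of whether a stored cookie is attached to a given request. The example.test hosts and cookie values are constructed, and Max-Age, SameSite and the public suffix list are left out.

```javascript
// Added example: simplified RFC 6265 storage and matching rules.
// Hostnames and cookie values are constructed sample data.

// Parse a Set-Cookie value received in the response to setUrl.
// Returns null when the Domain attribute does not cover the setting host.
function parseSetCookie(header, setUrl) {
  const u = new URL(setUrl);
  const host = u.hostname.toLowerCase();
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  if (eq < 1) return null; // no cookie name
  const cookie = {
    name: pair.slice(0, eq), value: pair.slice(eq + 1),
    domain: host, hostOnly: true, secure: false, expires: null,
    // Default path: directory of the URL that set the cookie.
    path: u.pathname.slice(0, u.pathname.lastIndexOf('/')) || '/',
  };
  for (const attr of attrs) {
    const i = attr.indexOf('=');
    const key = (i < 0 ? attr : attr.slice(0, i)).trim().toLowerCase();
    const val = i < 0 ? '' : attr.slice(i + 1).trim();
    if (key === 'domain' && val) {
      cookie.domain = val.replace(/^\./, '').toLowerCase();
      cookie.hostOnly = false; // Domain set: subdomains are covered too
    } else if (key === 'path' && val.startsWith('/')) cookie.path = val;
    else if (key === 'expires') cookie.expires = new Date(val);
    else if (key === 'secure') cookie.secure = true;
  }
  return domainMatches(host, cookie) ? cookie : null;
}

// Exact host match, or a dot-separated suffix match when Domain was set.
function domainMatches(host, c) {
  return host === c.domain || (!c.hostOnly && host.endsWith('.' + c.domain));
}

// Would a browser attach this cookie to a request for url at time now?
function shouldSend(cookie, url, now = new Date()) {
  const u = new URL(url);
  if (cookie.expires && cookie.expires <= now) return false; // expired
  if (cookie.secure && u.protocol !== 'https:') return false;
  const p = u.pathname, c = cookie.path;
  // Path match: equal, or c is a prefix ending on a '/' boundary.
  const pathOk = p === c ||
    (p.startsWith(c) && (c.endsWith('/') || p[c.length] === '/'));
  return domainMatches(u.hostname.toLowerCase(), cookie) && pathOk;
}
```

A cookie set without a Domain attribute is host-only and is not sent to sibling subdomains, which is the narrower and safer default.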

