__Cookies__
Well, what are cookies? Cookies are pieces of information stored by you when you visit
a site, designed and useful FOR THE SITE you visited.
A Cookie is a little nugget of information that is sent to your browser from a World Wide Web Server. This block of data can
be anything, a unique user ID generated by the server, the current date and time, the IP Address of where the browser is
logged onto the net or any other chunk of data that you want.
After a browser receives a cookie it will then send that cookie (nugget of info) to the server that set it whenever it requests an
html page. The browser will only send the cookie to the server that originally set it. This means that I (at my server)
can't tell if you (some browser) have cookies that other sites have set. In other words I can't steal cookies I haven't given you
by using HTTP protocols.
Cookies can be set either in the HTTP header or in the HEAD portion of the HTML document using a META tag (it's
described on the main page). The problem with doing it that way is that only Netscape supports it.
This is the format a CGI script would use to add to the HTTP headers a new piece of data which is to be stored by
the client for later retrieval:
Set-Cookie: NAME=VALUE; expires=DATE; path=PATH; domain=DOMAIN_NAME; secure
expires is an optional attribute. If not specified, the cookie will expire when the user's session ends.
The default value of domain is the host name of the server which generated the cookie response.
If a cookie is marked secure, it will only be transmitted if the communications channel with the host is a secure one.
Currently this means that secure cookies will only be sent to HTTPS (HTTP over SSL) servers.
If secure is not specified, a cookie is considered safe to be sent in the clear over unsecured channels.
When requesting a URL from an HTTP server, the browser will match the URL against all cookies and if any of them match, a
line containing the name/value pairs of all matching cookies will be included in the HTTP request.
Have a look at the cookies you have in c:\windows\cookies and examine them with your hexeditor:
this is the cookie I have set in this page:
access.8.www.geocities.com/Athens/5513/.0.2922787840.29120835.1035370336.29084634.*.
this is the cookie from Hotbot:
ink.IU082A0C432A6086A4F2FE64D40F4973EEF27C97.hotbot.com/.0.3590660096.29294449.682573152.29065138.*.
this is an interesting cookie from LordSomer:
DemoName.fravia.www.cris.com/~lordsome/.0.2705616768.29067717.1995643264.29067516.*.
Another one, with last-visit information:
lastvisit.Tue%20Aug%2013%2003%3a04%3a22%201996%3a838814433.28818.members.tripod.com/.0.951197440.29087610.937623776.29067494.*.
and the cookie from Netscape:
NETSCAPE_ID.1000e010,1007abea.netscape.com/.0.617916800.29316075.3185882080.29069520.*.
and the Microsoft cookie:
MC1.ID=d65fe66bea8211cfbceb0000f84a13db.microsoft.com/.0.3590660096.29294449.2359962560.29064890.*.
If a CGI script wishes to delete a cookie, it can do so by returning a cookie with the same name, and an expires time
which is in the past. The path and name must match exactly in order for the expiring cookie to replace the valid cookie.
This requirement makes it difficult for anyone but the originator of a cookie to delete a cookie.
So, once more, basically what happens is this: you visit a page and get as a response:
Set-Cookie: VISITOR=STUPID; path=/; expires=Wednesday, 09-Nov-99 23:12:40 GMT
From now on, every time you request a URL in the path "/" of the above server, YOU send the following message:
Cookie: VISITOR=STUPID
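The rules above (default domain, path match, the secure flag, deletion by a past expires with the same name and path) put together as a small client-side cookie jar. This is an added example, not code from the original page; the names Jar and covers, the host www.example.com, the "/" default path and the domain tail match are assumptions made for illustration.

```python
from datetime import datetime, timezone
from urllib.parse import urlsplit

def covers(domain, host):
    """Tail match: the cookie domain equals the host or is a parent of it."""
    domain = domain.lower().lstrip(".")
    return host == domain or host.endswith("." + domain)

class Jar:
    """Toy cookie store keyed on (domain, path, name), as a browser would."""
    def __init__(self):
        self.store = {}  # (domain, path, name) -> (value, secure, expires)

    def set_cookie(self, value, host, now):
        """Apply one Set-Cookie value sent by `host`; False if refused."""
        first, *rest = [p.strip() for p in value.split(";") if p.strip()]
        name, _, val = first.partition("=")
        domain, path, secure, expires = host, "/", False, None  # assumed defaults
        for attr in rest:
            k, _, v = attr.partition("=")
            k = k.lower()
            if k == "secure":
                secure = True
            elif k == "path":
                path = v
            elif k == "domain":
                domain = v
            elif k == "expires":  # e.g. "Wednesday, 09-Nov-99 23:12:40 GMT"
                expires = datetime.strptime(v.split(", ", 1)[-1],
                    "%d-%b-%y %H:%M:%S GMT").replace(tzinfo=timezone.utc)
        if not covers(domain, host.lower()):
            return False  # a server may only set cookies for itself
        key = (domain.lower().lstrip("."), path, name)
        if expires and expires <= now:
            self.store.pop(key, None)  # past expiry deletes, exact key only
        else:
            self.store[key] = (val, secure, expires)
        return True

    def cookie_header(self, url, now):
        """Value of the Cookie: request header for `url` ('' if none match)."""
        u = urlsplit(url)
        host, pairs = (u.hostname or "").lower(), []
        for (domain, path, name), (val, secure, expires) in self.store.items():
            if (expires and expires <= now) or (secure and u.scheme != "https"):
                continue  # expired, or a secure cookie on a clear-text channel
            if covers(domain, host) and (u.path or "/").startswith(path):
                pairs.append(f"{name}={val}")
        return "; ".join(pairs)
```

Real browsers default the path to that of the requested document and apply further limits on the domain attribute; both are left out here.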
How do you go on from here?
As usual: Beg, Borrow and Steal! A good artist copies, a great artist steals - Picasso
Did you know that Netscape and MIE create a file that helps web servers keep track of you?
On Macs it is in a file called Magic Cookie; on IBM type CPUs it is in a file called cookies.txt.
It isn't really meant to be understood: some of the data is encrypted so it's a little hard to read :-)
This "MagicCookie" file is very useful in some cases, like storing some viewing
configurations (i.e. with or without frames, etc...), but it can also help the server
know WHO you are and what you do.
Say you go to Lycos and look up some keywords. Well, Lycos can store in the cookie
file a number that helps it know that you're user ID 238f983298ds8s9df (for example)
and store what you looked for in its database (on the web server, this time).
Well, let's not be paranoid, but say Glittering Computers Inc wants to spam some ads:
it could ask Lycos to set up a specific gif image on Lycos' page only for users who
looked up computer-related links (that's a simple example).
Have a look at your cookies.txt file!
If you lock the cookies.txt file (c:\NAVIGA~1\cookies.txt on non-Mac machines) this will not stop cookies from working. Cookies will still reside in
memory. It will, however, make it so the cookies can't be written to the hard drive; it may also cause Netscape to bomb when
you quit.