Cookies 🍪

authenticationbypass

Cookies are defined in an HTTP header. They are used by a server to store data inside a client's browser.

Server: the server first requests the browser to create a cookie. It's done by using the header Set-Cookie (one per cookie).

Client: the client will send the cookies and their current value in every following request, in the header Cookie.

🔥 Cookies can be created, edited, and deleted by the client from the section "Cookies" in "Application > Storage" of the devtools.

Cookies can be used

  • 📦 to store data in the client browser
    • Ex: language
    • Ex: the mode (dark/light)
    • ...
  • 👑 to store a session ID

☠️ Some cookies carry an encoded value, usually base64. Once decoded, it may reveal sensitive information.


Session cookies 🐲

Session cookies are used to store data on the server, associated with someone visiting the website.

Once the session is started server-side, a file will be created on the server with an ID such as f71dbe52628a3f83a77ab494817525c6. The programmer can store things in it such as:

  • 🧑 is the user connected?
  • 🔑 the user information such as the client's ID...
  • ...

A session is available on every page server-side, so programmers use it to adapt the page according to what we know about the user (for instance, if they are not logged in, they are redirected to the login page).

The server will send the session ID in a cookie, and the client will send it back in every request (like a normal cookie), so that the session manager will load the right session file on the server.

👉 Unlike normal cookies, the client only has the session ID in their browser, so they can't edit the content of the session.
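As an added example (not code from the original page), a minimal Python model of both sides described above: a server-side session store keyed by a random ID, parsing of the client's Cookie header, and a helper that decodes a base64 cookie value. The cookie name sessionid and the sample values are assumptions.

```python
import base64
import binascii
import secrets

# Server-side session store: {session_id: session_data}. Stands in for the
# per-session files the text describes; the client never sees its contents.
SESSIONS = {}

# Assumed cookie name; the real name depends on the server framework.
SESSION_COOKIE = "sessionid"


def start_session(data):
    """Create a session server-side and return (session_id, Set-Cookie value)."""
    sid = secrets.token_hex(16)          # 32 hex chars, like the ID in the text
    SESSIONS[sid] = dict(data)           # only the server holds the actual data
    return sid, f"{SESSION_COOKIE}={sid}; Path=/; HttpOnly"


def parse_cookie_header(header):
    """Parse a 'Cookie:' request header value into a {name: value} dict."""
    cookies = {}
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep:                          # skip fragments without '='
            cookies[name] = value
    return cookies


def load_session(cookie_header):
    """Look up the session named by the client's cookie; None if unknown or edited."""
    sid = parse_cookie_header(cookie_header).get(SESSION_COOKIE)
    return SESSIONS.get(sid)


def decode_if_base64(value):
    """Return the decoded text of a base64 cookie value, or None if it is not base64 text."""
    try:
        return base64.b64decode(value, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return None


if __name__ == "__main__":
    sid, set_cookie = start_session({"logged_in": True, "user_id": 42})
    print("Set-Cookie:", set_cookie)
    print(load_session(f"theme=dark; {SESSION_COOKIE}={sid}"))   # session found
    print(load_session(f"{SESSION_COOKIE}={'0' * 32}"))          # edited ID: None
    print(decode_if_base64("dXNlcj1hZG1pbg=="))                  # constructed value
```

Editing the session cookie in the devtools only changes which ID the server looks up, not what is stored under it, which is why a changed ID simply yields no session.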


👻 To-do 👻

Stuff that I found, but never read/used yet.

  • Session Hijacking
  • Cookie Stealing
  • Cookie Scraping
  • MangaDex 2020