FRIHOST FORUMS SEARCH FAQ TOS BLOGS COMPETITIONS
You are invited to Log in or Register a free Frihost Account!


Cookies





Tony The Tiger
Can someone explain to me what cookies are and why they should or should not be enabled or turned off.
chennai
Cookies are something that sites use to store the information about u so that it can remeber u when u return agin.
A simple example would be our frihost login system.
There is a remember me check bok ,right?
If u check that frihost stores ur username and password in ur browser
so that it can automatically log u in
Animal
Cookies go a bit further than "remembering you" when you log out and back in again - they store temporary data about you, such as your login state. For example, if you disable cookies then log into Frihost, you'll see one page as "logged in". When you click on a new link on the forum, you'll show as being logged out because your computer isn't "remembered" as being logged in.

Another practical example of cookies is an online shopping cart - the "contents" of your cart are stored in a cookie, so if there's no cookie, your cart is always empty.

However, there are different types of cookie - some track your movements on the web by recording sites you visit etc. I would strongly recommend that you allow cookies generally but block cookies from (for example) doubleclick / valueclick etc. Run a spyware scan - this will identify the names of the tracking cookies on your system, then you can manually block them from within Firefox or IE.
Tony The Tiger
Animal wrote:
Cookies go a bit further than "remembering you" when you log out and back in again - they store temporary data about you, such as your login state. For example, if you disable cookies then log into Frihost, you'll see one page as "logged in". When you click on a new link on the forum, you'll show as being logged out because your computer isn't "remembered" as being logged in.

Another practical example of cookies is an online shopping cart - the "contents" of your cart are stored in a cookie, so if there's no cookie, your cart is always empty.

However, there are different types of cookie - some track your movements on the web by recording sites you visit etc. I would strongly recommend that you allow cookies generally but block cookies from (for example) doubleclick / valueclick etc. Run a spyware scan - this will identify the names of the tracking cookies on your system, then you can manually block them from within Firefox or IE.


What are problems that arise with having cookies disabled. My mother was having problems logging into her vacation club. Why would such a website deny access to someone who has cookies disabled? What is the problems caused for internet usage to have cookies disabled?
{name here}
EDIT: I thought I had something here, but I didn't. Please feel free to skip.
Stubru Freak
Tony The Tiger wrote:
Animal wrote:
Cookies go a bit further than "remembering you" when you log out and back in again - they store temporary data about you, such as your login state. For example, if you disable cookies then log into Frihost, you'll see one page as "logged in". When you click on a new link on the forum, you'll show as being logged out because your computer isn't "remembered" as being logged in.

Another practical example of cookies is an online shopping cart - the "contents" of your cart are stored in a cookie, so if there's no cookie, your cart is always empty.

However, there are different types of cookie - some track your movements on the web by recording sites you visit etc. I would strongly recommend that you allow cookies generally but block cookies from (for example) doubleclick / valueclick etc. Run a spyware scan - this will identify the names of the tracking cookies on your system, then you can manually block them from within Firefox or IE.


What are problems that arise with having cookies disabled. My mother was having problems logging into her vacation club. Why would such a website deny access to someone who has cookies disabled? What is the problems caused for internet usage to have cookies disabled?


Cookies can be sent from a site to to your computer, after that your computers sends the cookie everytime it requests a page on the site.
When your mother tries to log in on the site, the site must somehow know which computer logged in. Computers don't have a unique id by default (IP addresses are not unique in some cases), so the site would not recognise that computer. The solution is to use cookies: the site stores a unique id on your computer using a cookie, which it can read, and remembers which id corresponds to each user account. Only the site which placed the cookie can read it again, so it isn't really dangerous.
Only when sites start to share cookie information to trace you, you should be worried about privacy. (Which they do, so you should install Spybot S&D or something similar.)
When you disable cookies entirely, you are in full stealth mode, which is good but has the downside that no site can remember if you logged in.
Ranfaroth
Modern websites use sessions instead of cookies.
For instance, i'm logged on frihost, but I block cookies.

I recommand you to block cookies, and only allows them (for the session) for old websites which require them....
MrBlueSky
Ranfaroth wrote:
Modern websites use sessions instead of cookies.
For instance, i'm logged on frihost, but I block cookies.

I recommand you to block cookies, and only allows them (for the session) for old websites which require them....


Most websites use sessions using cookies. If you block cookies they use a fallback solution. PHP, for example, propagates your session id in the URL when you block cookies. This causes some security issues: your sessionid appears in log files on servers and proxy-servers. It can even cause your sessionid to appear in search engines (you can find sessionid's very easy using google, but most of the ones you find are already expired)
Stubru Freak
Ranfaroth wrote:
Modern websites use sessions instead of cookies.
For instance, i'm logged on frihost, but I block cookies.

I recommand you to block cookies, and only allows them (for the session) for old websites which require them....


This is not a good advice. As MrBlueSky already said, cookies are the safest way to store sessions, and fallback methods used if cookies are unavailable are very insecure. Cookies are the modern way, other ways are old ones, and cookies are designed to solve them.
akshar
Quote:
Friend, as you know internet uses HTTP protocol which is stateless ,we require something that will allow us to keep track of states(sessions)so that information can be exchanged easily.cookies are used as session trackers to keep information.you can delete cokkies,no problem at all .infact deleting will increase your internet speed
MrBlueSky
Quote:

Friend, as you know the web uses HTTP protocol using TCP which is stateless ,we require something that will allow us to keep track of states(sessions)so that information can be exchanged easily.cookies are commonly used as session trackers to keep information but you can use other mechanisms too.you can delete cokkies,no problem at all for most sites.infact deleting will increase your internet speed but decrease your browsing speed because you have to provide a lot of information over and over again which is normally stored in cookies, for example preferences and login information


Bolds by me

Exclamation Smile

(internet != www)
Ranfaroth
MrBlueSky wrote:
Most websites use sessions using cookies.
No : they use sessions managed by they programming language (PHP, Python, Java...), which as you said, still work when cookies are disabled.
Quote:
PHP, for example, propagates your session id in the URL when you block cookies. This causes some security issues
If the website is well designed, they won't be security issues
Stubru Freak wrote:
This is not a good advice. As MrBlueSky already said, cookies are the safest way to store sessions, and fallback methods used if cookies are unavailable are very insecure.
No cookies is not the safest way, since it keeps information on your computer. And I've already answered above for the other security issues
Quote:
Cookies are the modern way, other ways are old ones, and cookies are designed to solve them.
That's exactly the contrary.
10 years ago, it was almost impossible to surf with cookies disabled. But nowdays, websites have been modernised.
MrBlueSky
Ranfaroth wrote:
No : they use sessions managed by they programming language (PHP, Python, Java...), which as you said, still work when cookies are disabled.


By propagating the sessionid in the url, which appears in log files looking like this:

Code:

160.xx.x.68 - - [12/Feb/2007:04:11:36 -0600] "GET /image.gif HTTP/1.0" 200 1792 "http://www.frihost.com/forums/viewtopic.php?sid=ffe3a5e02fbaa4edda1b6b5b14xxxxx&p=552xxx" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.2pre) Gecko/20070111 SeaMonkey/1.1"


Quote:

No cookies is not the safest way, since it keeps information on your computer. And I've already answered above for the other security issues


You want information to be stored on other computers instead of your own, because you think that's safer??

Quote:

If the website is well designed, they won't be security issues


And you trust on that? Are you new to the internet, or just of good faith?
Stubru Freak
Ranfaroth wrote:
No : they use sessions managed by they programming language (PHP, Python, Java...), which as you said, still work when cookies are disabled.


Sessions are data blocks temporary stored on the server, associated with a certain browsing session on a certain site.
But to know which data block is associated with which session, some kind of id has to be stored on the client. This is mostly an md5-hash (/[0-9a-e]{32}/i). There are multiple ways to store this md5-hash on the client. The most commonly used one, and also the safest, is a cookie. This cookie doesn't contain any data but the md5-hash and is perfectly safe. But when cookies aren't available, a fallback mechanism is used. The most commonly used method is appending the session id to your url. (Resulting in a url like http://www.frihost.com/forums/posting.php?mode=quote&p=554805&sid=**************************).
Of course this isn't as safe because the request url is logged at many places while cookie information isn't. Another method is changing every link to a post form with a hidden field containing the session ID. This one is actually used sometimes, but of course it's really complicated. Another way would be to try to guess based on browser string + IP, but this obviously results in a lot of security problems for requests from large networks, where every computer has the same external IP.

Quote:
No cookies is not the safest way, since it keeps information on your computer.


The information kept is just an md5-hash, and is somehow kept on your computer anyway.

Quote:
That's exactly the contrary.
10 years ago, it was almost impossible to surf with cookies disabled. But nowdays, websites have been modernised.


Cookies were abused 10 years ago, and that's how they got their bad name. But they're the best method to store session IDs.

If you really want to block unsafe cookies, try to get some software that can block cookies based on a regex, and block all cookies that aren't like this regex: /[0-9a-e]{32}/i
Ranfaroth
MrBlueSky wrote:
By propagating the sessionid in the url, which appears in log files looking like this:

Code:

160.xx.x.68 - - [12/Feb/2007:04:11:36 -0600] "GET /image.gif HTTP/1.0" 200 1792 "http://www.frihost.com/forums/viewtopic.php?sid=ffe3a5e02fbaa4edda1b6b5b14xxxxx&p=552xxx" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.2pre) Gecko/20070111 SeaMonkey/1.1"
That doesn't means that you could use this information...
Quote:
You want information to be stored on other computers instead of your own, because you think that's safer??
Yes : I prefere to store information on the server, because that means that other websites won't access it. Neither will someone with read access on my computer
Quote:
And you trust on that?
For usual websites where I don't care about this, no. But on website where security is important, usualy there're in HTTPS, which means that the session Id isn't transmited to other websites, so your technics won't work : it's totally secure.
Stubru Freak wrote:
The information kept is just an md5-hash, and is somehow kept on your computer anyway.
That's only for cookies storing sessions. But the old-designed web sites which requires cookies doesn't store session in their cookies
MrBlueSky
Ranfaroth wrote:
That doesn't means that you could use this information...


Well... its not allowed to talk about such things here, so just let's leave it at that Smile

Quote:
Yes : I prefere to store information on the server, because that means that other websites won't access it. Neither will someone with read access on my computer


Although servers are just as vurnerable to prying eyes as your own computer (probably more) you are at least distributing your sensitive information while when you keep it on your own computer it's all in one place which is less safe. You made a good point here indeed.


Quote:
For usual websites where I don't care about this, no. But on website where security is important, usualy there're in HTTPS, which means that the session Id isn't transmited to other websites, so your technics won't work : it's totally secure.


True.
Related topics
avoid super cookies
recipie for chocolate chip cookies
Introduction To Cookies :
PHP: Sessions and Cookies
Help for sending 2+ cookies in one page.
[php/cookies] poll on two sites
PHPBB Cookies
FireFox and Cookies/Sessions
using cookies in PHP
My forum isn't saving cookies
End of the world: Our cookies are running out
what is better? Sessions or Cookies
Mom Said to Help Girls Bake Ex-Lax Cookies
Cookies?
Cookies not getting set
Reply to topic    Frihost Forum Index -> Computers -> Operating Systems

FRIHOST HOME | FAQ | TOS | ABOUT US | CONTACT US | SITE MAP
© 2005-2011 Frihost, forums powered by phpBB.