Client State Tracking with Netscape Cookies

MindSource April 1996 BOF

Client State Tracking with Netscape Cookies

M. Strata Rose
VirtualNet Consulting

What's all the fuss about?

Highlights of our little chat

Stateless Protocol seeks State

Advantages of cookies vs. embedded URL tokens

What are cookies good for?

Presenting "virtual session" info

Building up state interactively

Exchanging non-user-friendly info

Minimal "security through obscurity"

What browsers support cookies?

History of term "cookie"

Other systems using cookies

Netscape cookie spec

What's a cookie?

Cookie Contents

HTTP Response Header constraints

Specific cookie constraints

Where do they live?

How do I get cookies?

How do I get Netscape cookies?

Here's where the fun begins...

HTTP Request: Client

HTTP Response: Server

HTTP Response: Client

What is likely to blow up? (security concerns)

DNS & Spoofing

Resource Allocation

User Idiocy

Fine Structure of Cookies






What services out there are using cookies?

Cookies in the Real World: SiteTrack

A Few Cookie Pointers

All the links in this presentation are here!

Hey, Thanks!

Any Questions?

Copyright 1996 M. Strata Rose, all rights reserved.