Wednesday, 15 April 2020

HTTP Cookies and Sessions


                         What are HTTP COOKIES?


HTTP cookies are used to store information about the user, such as the date and time of a visit, the websites accessed, and the user's selections on a website. An HTTP cookie (also known as a web cookie, Internet cookie, browser cookie, or just cookie) is a small piece of data, at most 4 KB in size, that a website sends to the user's browser to be stored on the user's computer.

Cookies are created by the server and exchanged between the browser and the server in HTTP headers. As we all know, HTTP is a stateless protocol; cookies let the server remember the state of a client that has visited the website before, which allows the site to be personalized for each user. For example, suppose you log in to your mail account, finish your work and log out without selecting "Remember me". When you later want to log in to your mail again, the web server can rely on a cookie containing the last used mail address, so that the address is filled in automatically the next time you sign in. The server encodes the user's preferences in a cookie and sends it to the browser, so that each time the user requests a page on the website, the server can personalize that page according to those preferences.

It is not efficient to allocate server-side storage for every anonymous client, since many clients visit a site only once. For this reason, such data is preferably stored in a cookie on the client rather than on the server.

Cookies are mainly used for three purposes:

- Session management:
  Logins, shopping carts, game scores, or anything else the server should remember

- Personalization:
  User preferences, themes, and other settings

- Tracking:
  Recording and analyzing user behavior

Now, let's build a simple application.
When we log in to a site, our name or e-mail address often appears automatically the next time we visit. Let's write a small Flask example to see how this works.
We will read a name from the user via a form and store it in a cookie.
After submitting, the server replies "The name you entered is registered this way."; when the user then refreshes the page, the name is read back from the cookie and shown.

I saved this as app.py:
#!/usr/bin/python
# -*- coding: UTF-8 -*-
from flask import Flask, request, render_template, make_response

app = Flask(__name__)


@app.route('/', methods=['GET', 'POST'])
def index():
    if request.method == 'POST':
        name = request.form.get('name', '')
        res = make_response("The name you entered is registered this way.")
        # Keep the cookie for 15 days; HttpOnly keeps it out of reach of page scripts.
        res.set_cookie("name", name, max_age=60 * 60 * 24 * 15, httponly=True)
        return res

    # GET: show the name stored in the cookie, if any (None renders nothing).
    return render_template('index.html', name=request.cookies.get('name'))


@app.route('/delete/')
def delete_cookie():
    res = make_response("Cookie Removed")
    # An already-expired cookie tells the browser to discard the stored one.
    res.set_cookie('name', '', expires=0)
    return res


if __name__ == '__main__':
    app.run(debug=True)
Run these commands in the same directory as app.py:

$ mkdir templates
$ cd templates

Now, create index.html inside the templates directory:
<html>
  <head>
    <title>Cookie Test</title>
  </head>
  <body>
    <div class="container">
      <form action="" method="post">
        <!-- The field is called "name", matching request.form['name'] in app.py -->
        <input type="text" placeholder="Name" name="name" value="{{ request.form.name }}">
        <input class="btn btn-default" type="submit" value="Submit">
      </form>
      {% if name %}
        <p class="Name"><strong>Name:</strong> Your name is registered as {{ name }}.</p>
      {% endif %}
    </div>
  </body>
</html>

Then run these commands:

$ export FLASK_APP=app.py
$ flask run

The application will run at http://localhost:5000.

You will see a page like the one below. Enter a name and click Submit.

[screenshot: the form before submission]

Then refresh the page.

[screenshot: the page showing the stored name]

Now delete the cookie by visiting localhost:5000/delete.

[screenshot: the "Cookie Removed" response]
Cookies are considered extremely insecure, because the user fully controls the browser and can change their content at will. For this reason, the server must never trust cookie data without verifying it.
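As an added example (not part of the original post), here is one way a server can verify cookie data: the value is signed with an HMAC under a server-side secret, the same idea Flask uses when it signs its session cookie with itsdangerous. If a client edits the payload in the browser, the signature no longer matches and the server rejects the cookie. The secret key and all function names below are constructed for this illustration.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed secret for the example; a real deployment loads this from
# configuration, never from source code.
SECRET_KEY = b"example-secret-key-do-not-use"
DEFAULT_MAX_AGE = 60 * 60 * 24 * 15  # 15 days, as in the Flask app above


def _b64(data: bytes) -> str:
    """URL-safe base64 without padding (cookie-safe characters only)."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _unb64(text: str) -> bytes:
    padding = "=" * (-len(text) % 4)
    return base64.urlsafe_b64decode(text + padding)


def _encode_body(body: dict) -> str:
    # Canonical JSON so the same payload always signs to the same bytes.
    return _b64(json.dumps(body, sort_keys=True, separators=(",", ":")).encode())


def sign_cookie(payload: dict, secret: bytes = SECRET_KEY,
                now: Optional[float] = None) -> str:
    """Return 'base64(json).base64(hmac)' with an issue timestamp for expiry."""
    body = dict(payload)
    body["iat"] = int(now if now is not None else time.time())
    data = _encode_body(body)
    mac = hmac.new(secret, data.encode("ascii"), hashlib.sha256).digest()
    return f"{data}.{_b64(mac)}"


def verify_cookie(value: str, secret: bytes = SECRET_KEY,
                  max_age: int = DEFAULT_MAX_AGE,
                  now: Optional[float] = None) -> Optional[dict]:
    """Return the payload if the signature is valid and not expired, else None."""
    try:
        data, sig = value.split(".", 1)
        expected = hmac.new(secret, data.encode("ascii"), hashlib.sha256).digest()
        # Constant-time comparison; a plain '==' would leak timing information.
        if not hmac.compare_digest(_unb64(sig), expected):
            return None
        body = json.loads(_unb64(data))
    except (ValueError, UnicodeDecodeError):
        return None  # malformed base64, JSON or missing separator
    if not isinstance(body, dict) or "iat" not in body:
        return None
    current = now if now is not None else time.time()
    if current - body["iat"] > max_age:
        return None  # too old: treat exactly like a bad signature
    body.pop("iat")
    return body


def edit_payload_keep_signature(cookie: str, new_name: str) -> str:
    """Model a client editing the cookie's payload in the browser while
    keeping the old signature; verify_cookie() must reject the result."""
    data, sig = cookie.split(".", 1)
    body = json.loads(_unb64(data))
    body["name"] = new_name
    return f"{_encode_body(body)}.{sig}"


if __name__ == "__main__":
    issued = sign_cookie({"name": "alice"})
    print("valid   :", verify_cookie(issued))
    print("tampered:", verify_cookie(edit_payload_keep_signature(issued, "admin")))
```

The key point is that the server never reads the cookie's JSON before the signature check passes, and it treats "expired", "malformed" and "wrong signature" identically, so a client learns nothing from the failure mode.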


             So are cookies really safe? Is our personal data protected?


Cookies are harmless on their own, but they can store a wealth of data, enough to potentially identify you without your consent. When you search the Internet for a seat for your home, you will later see advertisements for that seat and similar products on unrelated websites. Cookies are the primary tool that advertisers use to track your online activity so that they can target you with highly specific ads. Given the amount of data that cookies can contain, they can be considered personal data in certain circumstances (when a cookie can identify an individual via their device, it is considered personal data) and are therefore subject to the GDPR.

Things get complicated when data provided by users is passed on to third-party websites. The user should always be informed of the storage or monitoring mechanisms in use. Although browsers allow you to delete or decline cookies, many sites do not honour that choice, and technologies like Evercookie recreate cookies even after they have been deleted.

The GDPR now requires users to consent to cookies being stored on their computers, and storing cookies is legal only if the website or company tells the user how their data will be used. However, there are many ways to circumvent a user's choices.
Persistent cookies can recover their information after the user has deleted their cookies: the files are recreated and continue to inform websites about the user's activities without consent.

Deleting cookies is a deliberate act and should, therefore, be respected.

Persistent cookies like Evercookies, Super Cookies, and Cookie Forever will no longer be available in the digital space in 2019. The new cookie law and the EU's GDPR have now made permanent cookies illegal, and companies that use them will receive huge penalties.

Cookies are also used by the server to implement sessions. Usually an application's cookie contains an identifier for a session.

                      What is an HTTP SESSION?


While shopping on a shopping site, you can browse many products and add more than one of them to your cart. When you want to complete the purchase, you see all the products in your cart. But HTTP is a stateless protocol, so how does the site know which products are yours?

Cookies or URL parameters are convenient ways to carry data between two or more requests. However, if you do not want that data to be readable or editable on the client side, you need a different mechanism to keep it safe.

With help from your browser, a stateless protocol like HTTP can behave as if it maintained an ongoing connection with the server. The server sends the client a unique token, and the client sends this token back as part of every subsequent request, which lets the server recognise the client. Passing the session ID back and forth between client and server in this way creates the feeling of a persistent connection across requests.

A session is a temporary, interactive exchange of information between two or more communicating devices, or between a computer and a user, established at a particular point in time. When a session is created, a file is created on the server, in a temporary directory, where the session variables and their values are stored. This data can be used by all pages on the site during the visit. After the user closes the browser or leaves the site, the server ends the session after a predetermined time (usually 30 minutes), and the session data is deleted automatically.

Sessions use the cookie as a kind of key that associates the client with data stored on the server side. Because sessions keep your login information on the server rather than on the client, they are safer than cookies. Sessions also create and send a cookie to your computer, but the cookie used for the session is sent in encrypted form.

A session identifier (session ID) is a piece of data used in network communication (usually over HTTP) to identify a session, that is, a series of related message exchanges. Session identifiers become necessary when a stateless protocol such as HTTP is used. For example, a user on a shopping site wants to collect several items in a virtual shopping cart and then go to the site's payment page to complete the purchase. This usually involves continuous communication, with several web pages requested by the client and returned by the server. The current user and the state of the shopping cart must be tracked, and a session ID makes this possible.


Usually, on your first visit to a website, you are given a session ID. So what is a session ID?

Each session is assigned a unique ID that is used to retrieve the stored values. When a session is created, a cookie containing this unique session ID is stored on the user's computer and returned with every request to the server. The session ID can be carried in a cookie, a form field, or the URL.

Sessions have a relatively large data storage capacity compared to cookies.
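To make the mechanism described in this section concrete, here is an added example (not part of the original post) of a minimal server-side session store: the cookie carries only an unguessable random session ID, the cart data lives on the server, and idle sessions expire after 30 minutes. An in-memory dictionary stands in for the "file in a temporary directory" from the text; the class and function names, the cookie name session_id and the sample Cookie header are all constructed for this illustration.

```python
import secrets
import time
from typing import Any, Dict, Optional

IDLE_TIMEOUT = 30 * 60  # seconds; the "usually 30 minutes" from the text


class SessionStore:
    """In-memory server-side session store keyed by a random session ID.

    The client only ever holds the ID (in a cookie); all data stays here.
    """

    def __init__(self, idle_timeout: int = IDLE_TIMEOUT) -> None:
        self.idle_timeout = idle_timeout
        self._sessions: Dict[str, Dict[str, Any]] = {}
        self._last_seen: Dict[str, float] = {}

    def create(self, now: Optional[float] = None) -> str:
        # 32 bytes from the OS CSPRNG: the ID cannot be guessed or enumerated,
        # so it is safe to use as the only thing the client has to present.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {}
        self._last_seen[sid] = now if now is not None else time.time()
        return sid

    def get(self, sid: Optional[str],
            now: Optional[float] = None) -> Optional[Dict[str, Any]]:
        """Return the session dict for a valid, non-expired ID; None otherwise."""
        if sid is None or sid not in self._sessions:
            return None  # unknown or forged ID: nothing to look up
        current = now if now is not None else time.time()
        if current - self._last_seen[sid] > self.idle_timeout:
            self.destroy(sid)  # expired: drop the data on the server
            return None
        self._last_seen[sid] = current  # sliding expiry on every request
        return self._sessions[sid]

    def destroy(self, sid: str) -> None:
        self._sessions.pop(sid, None)
        self._last_seen.pop(sid, None)


def set_cookie_header(sid: str) -> str:
    """The Set-Cookie line the server sends; only the ID travels to the client.
    HttpOnly, Secure and SameSite limit how the browser will expose it."""
    return f"Set-Cookie: session_id={sid}; Path=/; HttpOnly; Secure; SameSite=Lax"


def session_id_from_cookie_header(header: str) -> Optional[str]:
    """Parse a request's 'Cookie: a=1; session_id=...' line and return the ID."""
    for part in header.split(":", 1)[-1].split(";"):
        key, _, value = part.strip().partition("=")
        if key == "session_id" and value:
            return value
    return None


def shopping_cart_demo(store: SessionStore) -> Dict[str, Any]:
    """Simulate the shopping-cart flow from the text across several requests.

    Timestamps are fixed (constructed) so the run is deterministic."""
    # Request 1: first visit, no cookie yet, so the server creates a session.
    sid = store.create(now=0)
    header = set_cookie_header(sid)
    # Requests 2 and 3: the browser echoes the cookie; the server adds items.
    cookie_line = "Cookie: theme=dark; session_id=" + sid  # constructed request header
    for item, when in (("book", 60), ("lamp", 90)):
        sess = store.get(session_id_from_cookie_header(cookie_line), now=when)
        sess.setdefault("cart", []).append(item)
    # Checkout page: the cart is read from the server-side session, never from the client.
    return {"cart": store.get(sid, now=120)["cart"], "set_cookie": header}


if __name__ == "__main__":
    print(shopping_cart_demo(SessionStore()))
```

Note that get() returns None both for an ID the server never issued and for one that has timed out, so a client cannot tell the two cases apart, and that the only state the client can tamper with is the ID itself, which is useless unless it matches a live entry.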