stackoom
  简体   繁体   中英

Are client side cookies accessible by all and are there cookies on the server side

 原文  2013-10-06 15:39:36       javascript

Question

If I have a SITEA writing a cookie to my browser, can SITEB write code to access the cookie or are cookies hidden from websites that didn't create them ?

My answer to that was that YES, SITEB can read the document.cookie and if he knows what's the cookie name, it can access it. Was I right ?

Regarding the second questions, I don't think there are Server Side cookies other than SESSIONS. Am I right?

2 answers

solution1
 2 ACCPTED  2013-10-06 15:45:13

Cookies are usable by both the server and the client. Cookies can only be read by the website the domain that creates them; you can use sub-domains domains, url paths. Cookies are generally considered insecure if used from the client side, and should not be used to hold sensitive data if accessed from the client side. The server can encrypt information and store it in the cookie as long as the encryption is done on safe manner on the server. Using cookies are a good way of avoiding the use of a session server, and if you do not save sensitive data they are a good way to store state in a web application. Although they can be more challenging than other session mechanisms, the do work on both the client and the server.

Advertising products like double click use cookies to track a monitor user activity, which is how ads follow you from site to site.

Third-party and first-party cookies

Cookies are categorized as third-party or first-party depending on whether they are associated with the domain of the site a user visits. Note that this doesn't change the name or content of the actual cookie. The difference between a third-party cookie and a first-party cookie is only a matter of which domain a browser is pointed toward. The exact same kind of cookie might be sent in either scenario. https://support.google.com/adsense/answer/2839090

solution2
 0  2013-10-06 16:04:19

Cookies are accessible on the basis of domain. This is the basic inherent feature of any browser otherwise it would have been very easy for companies to snoop on each other's users.

If Site A has domain .xyz.com then any website having the same domain can access the cookies. But if any site has domain xyz.com (dot missing) it cant access any other domain's cookies. Also the http request send to server will contain cookies of the domain from which it is sent.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question client side and server side cookies Client Side Only Cookies Meteor cookies and Server side routes Cookies are not stored on client side in MERN Stack When to create cookies at client side(browser) Are cookies fit for just client side usage? Storing data in cookies,client side verification what happens when you expire cookies client side and go server side? How to change server side language cookies like client side using Ajax? asp.net/javascript creating cookies, advantages creating client side or server side?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM