Cookies store metadata to maintain HTTP sessions in a stateless protocol, enabling websites to recognize users across visits. They include attributes like Domain, Path, and HttpOnly, which control scope and security, as demonstrated through a CNN example. #HTTPHeaders #HttpOnlyCookies
Key points
- Cookies are used to track user sessions by storing metadata in the browser.
- They are set and sent via HTTP headers: Set-Cookie in responses and Cookie in requests.
- Cookies with the HttpOnly attribute cannot be accessed through client-side JavaScript for security reasons.
- Attributes like Expires, Max-Age, Domain, and Path control cookie lifespan and scope.
- Cookies set without HttpOnly are readable by client-side script, which leaves them exposed to attacks such as XSS.
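
An added example (not code from the summarized article): a minimal Python model of how a browser stores `Set-Cookie` headers, which cookies it puts in the `Cookie` request header for a given host and path, and which of those `document.cookie` would expose. Host names, cookie values and function names are constructed for illustration; the default Path is simplified to `/` and expiry is recorded but not enforced.

```python
from dataclasses import dataclass

@dataclass
class Cookie:
    name: str
    value: str
    domain: str       # host the cookie is scoped to
    host_only: bool   # True when no Domain attribute was sent
    path: str
    http_only: bool
    persistent: bool  # True when Expires or Max-Age was sent

def parse_set_cookie(header: str, origin_host: str) -> Cookie:
    """Parse one Set-Cookie header value received from origin_host."""
    pair, *attr_parts = [p.strip() for p in header.split(";")]
    name, _, value = pair.partition("=")
    attrs = {}
    for part in attr_parts:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    domain = attrs.get("domain", "").lstrip(".").lower()
    return Cookie(name.strip(), value.strip(), domain or origin_host.lower(),
                  not domain, attrs.get("path") or "/",  # simplified default path
                  "httponly" in attrs, "expires" in attrs or "max-age" in attrs)

def in_scope(c: Cookie, host: str, path: str) -> bool:
    """Domain widens scope to subdomains; Path narrows it to a URL prefix."""
    host_ok = host == c.domain or (not c.host_only and host.endswith("." + c.domain))
    path_ok = path == c.path or path.startswith(c.path.rstrip("/") + "/")
    return host_ok and path_ok

def cookie_header(jar, host: str, path: str) -> str:
    """Value of the Cookie request header sent to host/path."""
    return "; ".join(f"{c.name}={c.value}" for c in jar if in_scope(c, host, path))

def script_visible(jar, host: str, path: str) -> str:
    """What document.cookie would return: in-scope cookies minus HttpOnly ones."""
    return "; ".join(f"{c.name}={c.value}" for c in jar
                     if in_scope(c, host, path) and not c.http_only)

# Constructed sample responses, all received from www.example.test
JAR = [parse_set_cookie(h, "www.example.test") for h in (
    "session_id=abc123; Path=/; HttpOnly",
    "prefs=dark; Domain=example.test; Path=/; Max-Age=2592000",
    "cart=42; Path=/shop; Expires=Wed, 21 Oct 2026 07:28:00 GMT",
)]
```

Comparing `cookie_header` with `script_visible` for the same host and path shows the effect of HttpOnly: the session cookie is still sent to the server but is absent from what page script can read.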
Read More: https://infosecwriteups.com/http-cookies-b605fc29c058?source=rss----7b722bfd1b8d---4