post_5

Cookie Free Domain: Discover what it is

Cookie Free Domain is very used for an optimum development of webpages and for a better visualization of the content. Therefore, we can say cookies are tools that allow a Web page, among other things, store and retrieve information about browsing habits of users or their computer, depending on the information obtained can be used to recognize the user and improve the service. But this is something we will explain below.

Cookie Free Domain Definition

A cookie is a small text file that is stored in your browser when you visit almost any web page. Its utility consists of allowing the web to be able to remember your visit when return to navigate on any page. Generally, any Free Domain works with cookies.

 Cookies often store technical information, personal preferences, content personalization, usage statistics, links to social networks, access to user accounts, etc. The purpose of a cookie is to adapt the content of the web to your profile and needs. Without cookies services offered by any page, it would be diminished significantly.

Cookies can be created in different ways, for example:

  1. Cookies can be created by the server, and send the browser to the store. Suppose we enter a website where users are anonymous, but once we introduce our username and password (for example suppose you are the user Albert Einstein), the server sends a cookie to the browser.
  2. Cookies can be created using JavaScript in the browser and stored in the browser, then later sent to the server in each communication takes place.

Lifetime of Cookies

Cookies are temporal data, that is, their intention is not be stored “forever”, but be stored for a time to facilitate navigation. A cookie can have an associated erase or expiration date, in which case it will remain in the user’s browser until it reaches that date (unless the user decides to make a deletion of cookies).

 In this case, it may happen that the user closes the browser and open it after a few hours or days and the information in cookies continue to be there. Cookies with deletion date are usually called persistent cookies because they do not destroy except when the expiration date arrives.

Other cookies have no deleted or expiration date, or if they have is very short (say an hour). If the cookie has no deletion date, it is destroyed when the browser is closed. So, keep in mind that browsers can store information in other ways besides as cookies (such as settings, user profiles, passwords, etc.).

 

Protecting Cookie Free Domain

As in any security process, the first thing to do is define the environment. Cookies can be defined for specific domain or subdomain in order to be valid. This procedure offers advantages to properly define the use of each cookie and the impossibility of using it in various applications.

To create cookies, the analyst and the developer must establish:

  • for which applications cookie will be valid
  • For which domain and subdomain, cookie will be valid
  • when it must expire
  • if only be valid in SSL encrypted connections
  • If cookies will remain active after leaving an encrypted connection SSL
  • way to restrict access through scripting (JS or VBS)

Of course, depending on the level of criticality of the application, the answers will be different: it is not the same as protecting a home-banking session through SSL compared to a general access site.

Much information is transmitted and stored in cookies and their use is most common in any application. Unfortunately few developers know or apply good security practices on them and even sites like Google, Twitter and Facebook recently began to use time on encrypted channels

No Comments

Leave a Comment