Cookies
Cookies are small pieces of data that servers send to the user's web browser, where they are stored for later retrieval. They're primarily used for session management, tracking (like personalizing content), and maintaining specific information about users, such as site preferences.
Cookie Flags:
Here are the main flags associated with cookies:
Secure:
Ensures that the cookie is only sent over secure HTTPS connections.
This mitigates the risk of interception over unencrypted or less secure connections.
Vulnerability:
Without the Secure flag, the browser also sends the cookie over plain HTTP, so anyone on the network path (for example a man-in-the-middle on open Wi-Fi) can read it and replay the session. Note that Secure only constrains transport: it does not hide the value from the user or from page scripts, and historically a plain-HTTP response could still overwrite a Secure cookie of the same name (modern browsers now refuse this, but do not rely on it for older clients).
Example:
```javascript
// Only takes effect when the page itself is served over https:;
// from an http: page the browser ignores the assignment.
document.cookie = "sessionId=12345; Secure";
```
HttpOnly:
This attribute makes the cookie inaccessible to JavaScript's document.cookie API (and to other client-side APIs that expose cookies). It is an effective measure against theft of the cookie value through cross-site scripting (XSS).
Vulnerability:
Without the HttpOnly flag, an attacker who finds an XSS vulnerability can read the cookie with document.cookie and exfiltrate it to a server they control. The protection has a limit: HttpOnly stops the cookie from being read, but script running under XSS can still issue authenticated requests from the victim's browser, so it reduces the impact of XSS rather than removing the need to fix it.
Example:
```http
Set-Cookie: sessionId=12345; HttpOnly
```
HttpOnly cannot be set from JavaScript: a browser ignores a document.cookie assignment that carries the HttpOnly attribute (the cookie is not stored at all), so this flag belongs in the server's Set-Cookie response header, which is where session cookies should be set in any case.
Domain:
Specifies which hosts can receive the cookie.
If not specified, the cookie is sent only to the exact host that set it (subdomains excluded). If Domain=example.com is specified, the cookie is sent to example.com and every subdomain of it.
Vulnerability:
A Domain value broader than necessary exposes the cookie to every subdomain. A session cookie scoped to the parent domain is then sent to any vulnerable or attacker-controlled subdomain, for example one that has fallen to subdomain takeover through a dangling DNS record, or one hosting a less trusted application. Subdomains can also set cookies for the parent domain, so a compromised subdomain can plant or overwrite cookies used by the main site (cookie tossing). Scope session cookies to the single host that needs them.
Example:
```javascript
document.cookie = "sessionId=12345; Domain=example.com";
```
Path:
Specifies a URL path that must exist in the requested URL for the browser to send the Cookie header.
Vulnerability:
If not set, the cookie is sent with requests to every path on the host, so a cookie meant for /admin also reaches unrelated parts of the application. Path is not a security boundary, however: the same-origin policy is scoped to the origin (scheme, host, port), not to the path, so a page at /public on the same origin can load /admin in an iframe and read its document.cookie. Treat Path as a way of limiting which requests carry the cookie, not as isolation between applications sharing a host.
Example:
```javascript
document.cookie = "sessionId=12345; Path=/admin";
```
Expires and Max-Age:
Expires sets an absolute expiration date; the browser removes the cookie at that date. Max-Age sets the lifetime as an interval in seconds from when the cookie is received; the browser removes the cookie after that duration. If both are present, Max-Age takes precedence.
Vulnerability:
Without either attribute the cookie is a session cookie: it lives until the browser session ends, which, with browsers that restore tabs on restart, can be much longer than the user expects. A long Max-Age or distant Expires on an authentication cookie widens the window of opportunity if the cookie is leaked, because a stolen value stays valid until expiry. Keep authentication cookies short-lived and invalidate the session server-side on logout rather than relying on client-side expiry alone.
Example:
```javascript
// Using Expires
document.cookie = "sessionId=12345; Expires=Wed, 21 Oct 2023 07:28:00 GMT";
// Using Max-Age
document.cookie = "sessionId=12345; Max-Age=3600"; // 1 hour
```
SameSite:
This attribute lets servers control whether, and when, the cookie is sent with cross-site requests.
Three values: Strict, Lax, and None.
Strict: the cookie is sent only with requests originating from the same site. It is not sent on any cross-site request, including a top-level navigation from another site, so a user following a link from an email arrives at the site logged out.
Lax: the cookie is sent on same-site requests and on top-level navigations from another site that use a safe method such as GET, but not on cross-site POSTs, subresource loads (images, iframes, scripts) or fetch/XHR calls.
None: the cookie is sent on all requests, including cross-site ones. It requires the Secure flag.
Vulnerability:
Without the SameSite attribute, older browsers send the cookie on every cross-site request, so a form auto-submitted from an attacker's page carries the victim's session: the basis of CSRF. Chromium-based browsers now treat a missing SameSite as Lax by default and reject SameSite=None unless Secure is also set, but Lax still allows cross-site top-level GET navigations, and the default is not uniform across browsers, so set the attribute explicitly rather than relying on the default, and keep a CSRF token for state-changing requests.
Example:
```javascript
document.cookie = "sessionId=12345; SameSite=Strict; Secure";
```
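The attributes above are easiest to reason about together. As an added example that is not part of the original page, here is a small Node.js script that parses Set-Cookie header values and audits them for the weaknesses discussed in the sections above (missing Secure, HttpOnly or SameSite, SameSite=None without Secure, a broad Domain, an overlong Max-Age on an authentication cookie), alongside a builder that emits a hardened header for comparison. The sample headers are constructed, the `maxAgeLimit` threshold is an arbitrary policy choice, and the `__Host-` prefix check goes slightly beyond the page: `__Host-` is a standard cookie-name prefix that browsers only accept when the cookie is Secure, has Path=/ and no Domain.

```javascript
// Parse one Set-Cookie header value into { name, value, attrs }.
// Attribute names are lower-cased; valueless attributes (Secure, HttpOnly) become `true`.
function parseSetCookie(header) {
  const parts = header.split(";").map((p) => p.trim()).filter(Boolean);
  const [nameValue, ...attrParts] = parts;
  const eq = nameValue.indexOf("=");
  const name = eq === -1 ? nameValue : nameValue.slice(0, eq).trim();
  const value = eq === -1 ? "" : nameValue.slice(eq + 1).trim();
  const attrs = {};
  for (const p of attrParts) {
    const i = p.indexOf("=");
    const k = (i === -1 ? p : p.slice(0, i)).trim().toLowerCase();
    attrs[k] = i === -1 ? true : p.slice(i + 1).trim();
  }
  return { name, value, attrs };
}

// Audit a Set-Cookie header for the weaknesses discussed above.
// Returns a list of findings; an empty list means nothing was flagged.
// `isSessionCookie` tells the auditor the cookie carries authentication state;
// `maxAgeLimit` (seconds) is an assumed policy threshold, not a browser rule.
function auditSetCookie(header, { isSessionCookie = true, maxAgeLimit = 24 * 3600 } = {}) {
  const { name, attrs } = parseSetCookie(header);
  const findings = [];
  const sameSite = typeof attrs.samesite === "string" ? attrs.samesite.toLowerCase() : undefined;

  if (!attrs.secure) findings.push("missing Secure: cookie can be sent over plain HTTP");
  if (isSessionCookie && !attrs.httponly) findings.push("missing HttpOnly: readable via document.cookie under XSS");
  if (sameSite === undefined) findings.push("missing SameSite: browser defaults differ, set it explicitly");
  else if (sameSite === "none" && !attrs.secure) findings.push("SameSite=None without Secure: rejected by modern browsers");
  else if (!["strict", "lax", "none"].includes(sameSite)) findings.push(`unknown SameSite value "${attrs.samesite}"`);
  if (typeof attrs.domain === "string") {
    const bare = attrs.domain.replace(/^\./, "");
    findings.push(`Domain=${attrs.domain}: cookie is shared with every subdomain of ${bare}`);
  }
  if (name.startsWith("__Host-") && (attrs.domain || attrs.path !== "/" || !attrs.secure)) {
    findings.push("__Host- prefix requires Secure, Path=/ and no Domain");
  }
  if (isSessionCookie && typeof attrs["max-age"] === "string") {
    const maxAge = Number(attrs["max-age"]);
    if (maxAge > maxAgeLimit) findings.push(`Max-Age=${maxAge} exceeds ${maxAgeLimit}s for an authentication cookie`);
  }
  return findings;
}

// Build a Set-Cookie header value with hardened defaults: Path=/, Secure, HttpOnly, SameSite=Strict.
// Domain is omitted unless explicitly requested, so the cookie stays host-only.
function buildSetCookie(name, value, { maxAge, path = "/", sameSite = "Strict", domain } = {}) {
  const parts = [`${name}=${encodeURIComponent(value)}`, `Path=${path}`, "Secure", "HttpOnly", `SameSite=${sameSite}`];
  if (domain) parts.push(`Domain=${domain}`);
  if (maxAge !== undefined) parts.push(`Max-Age=${maxAge}`);
  return parts.join("; ");
}

// Constructed sample headers (not captured from any real site).
const WEAK_HEADER = "sessionId=12345; Domain=example.com; Path=/";
const HARDENED_HEADER = buildSetCookie("__Host-sessionId", "12345", { maxAge: 3600 });

console.log("weak:", WEAK_HEADER, auditSetCookie(WEAK_HEADER));
console.log("hardened:", HARDENED_HEADER, auditSetCookie(HARDENED_HEADER));
```

Run it with `node` and compare the two outputs: the weak header draws four findings (no Secure, no HttpOnly, no SameSite, Domain shared with subdomains), the hardened one none. Setting the header server-side is what makes HttpOnly possible at all; with Express, for example, the same string would be passed to `res.setHeader("Set-Cookie", ...)`.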
Conclusion:
Cookies play a crucial role in web applications for maintaining state and tracking user behavior. However, improper configuration and handling of cookies can lead to various vulnerabilities. By understanding the purpose and implications of each cookie attribute, developers can ensure that they are using cookies securely and effectively, mitigating associated risks.