All about cookie
Table of contents
1 - Creating Cookies: 2 methods
- Use javascript -
document.cookie
in the console - Use Web server -
set-cookie
header
2 - Cookie Properties
-
Sent with every request
- testing URL: example.com
- adding
document.cookie="example=1"
directly to console - Check on application > cookie, see the cookie output
-
Cookie Scope
- Domain - defining with domain
document.cookie="cookieExample=1; domain=.example.com"
domain=.example.com
is making this cookie available in all subdomain, similar to *.example.com.- You can see
cookie
underrequest header
- Path - defining with path
- req: document.cookie=”examplePath1=1; path=/path1”
- “examplePath1=1; path=/path1”
- req: document.cookie=”examplePath2=2; path=/path2”
- “examplePath2=2; path=/path2”
- Domain - defining with domain
-
Expires, Max-age
- In console req:
document.cookie="tempCookie=9; max-age=3"
- 3 = 3 second.
- In console req:
-
Same site
document.cookie="superSecretCookie=2; samesite=strict"
document.coolie="laxCookie=1; samesite=lax"
3 - Cookie Type
- Session cookie - when close browser, cookie gets cleared
- Permanent cookie - maxage set with expiry
-
HttpOnly cookie - people cannot do
document.cookie
res.setHeader("set-cookie", ["setFromServer=6", "canNotSeeThis=1; httponly"])
- Secure cookie - only available over
HTTPS
protocol - Third party cookie
- Zombie cookie - user delete cookie and it auto re-generate
- server knows you, eTags
- eTags is mechanism of cache
4 - Cookie Security
- Stealing cookies
- Cross site request forgery
Install Express
npm install express --save