A "cookie" is a small piece of information sent by a web server to store on a web browser so it can later be read back from that browser. This is useful for having the browser remember some specific information. These are small data files which act as unique identifiers and allow our site to remember a particular user. Cookies do not harm computer. Certain areas of our web site, such as our forums use cookies. Some times user’s personal information is stored in cookies and if someone hacks the cookie then hacker can get access to your personal information. Even corrupted cookies can be read by different domains and lead to security issues. This is why testing of website cookies is very important.
In this white paper, we will focus on basics of cookies world and also how to test the website cookies.
Introduction
In today’s world we use websites for numerous activities, like shopping, travel ticket booking. And here comes an important word “cookie” in the picture. Almost, everywhere cookies are used to store the information sent by web servers.
So, we will first focus on what exactly cookies are and how they work. What are cookies?
Cookie is small information stored in text file on user’s hard drive by web server. This information is later used by web browser to retrieve information from that machine. Generally cookie contains personalized user data or information that is used to communicate between different web pages. An example is when a browser stores your passwords and user ID`s. They are also used to store preferences of start pages, both Microsoft and Netscape use cookies to create personal start pages.
Cookies are nothing but the user’s identity and used to track where the user navigated throughout the web site pages.Why Cookie?
The communication between web browser and web server is stateless. For example if you are accessing domain http://www.example.com/1.html then web browser will simply query to example.com web server for the page 1.html. Next time if you type page as http://www.example.com/2.html then new request is send to example.com web server for sending 2.html page and web server don’t know anything about to whom the previous page 1.html served.
What if you want the previous history of this user communication with the web server? You need to maintain the user state and interaction between web browser and web server somewhere. This is where cookie comes into picture. Cookies serve the purpose of maintaining the user interactions with web server.
How cookies work?
To exchange information files on the web, the HTTP protocol is used. There are two types of HTTP protocol: Stateless HTTP and Stateful HTTP protocol.
Stateless system
A stateless system has no record of previous interactions and each interaction request has to be handled based entirely on the information comes with it. For eg, if we enter http://www.example.com/sample.html into our web browser’s address bar and press Enter, then conversation between the browser and the example.com web server goes like this : Web browser will simply query to example.com web server for the page sample.html.
Once the browser receives the last byte of information using HTTP, the example.com web server essentially forgets about the request data. If now, we send some other request to the web server, it will execute upon the request, without memory of the earlier request. It does not need to remember the earlier request for the response of the new request. This isn’t bad for example.com website; no harm, no foul.
Stateful system
Are there are cases where state does matter for a web based system? The answer is YES, and here comes the Stateful system. Stateful HTTP protocols do keep some history of previous web browser and web server interactions and this protocol is used by cookies to maintain the user interactions.
Whenever user visits the site or page that is using cookie, small code inside that HTML page writes a text file on users machine called cookie. When user visits the same page or domain later time this cookie is read from disk and used to identify the second visit of the same user on that domain. Expiration time is set while writing the cookie. This time is decided by the application that is going to use the cookie.
Applications where cookies are used
Online Ordering Systems: An online ordering system could be developed using cookies that would remember what a person wants to buy, this way if a person spends three hours ordering CDs at your site and suddenly has to get off the net they could quit the browser and return weeks or even years later and still have those items in their shopping basket.
Website Tracking: Site tracking can show you places in your website that people go to and then wander off because they don`t have any more interesting links to hit. It can also give you more accurate counts of how many people have been to pages on your site.
........
Source:
http://www.testinggeek.com/index.php/testing-articles/186-web-application-cookie
In this white paper, we will focus on basics of cookies world and also how to test the website cookies.
Introduction
In today’s world we use websites for numerous activities, like shopping, travel ticket booking. And here comes an important word “cookie” in the picture. Almost, everywhere cookies are used to store the information sent by web servers.
So, we will first focus on what exactly cookies are and how they work. What are cookies?
Cookie is small information stored in text file on user’s hard drive by web server. This information is later used by web browser to retrieve information from that machine. Generally cookie contains personalized user data or information that is used to communicate between different web pages. An example is when a browser stores your passwords and user ID`s. They are also used to store preferences of start pages, both Microsoft and Netscape use cookies to create personal start pages.
Cookies are nothing but the user’s identity and used to track where the user navigated throughout the web site pages.Why Cookie?
The communication between web browser and web server is stateless. For example if you are accessing domain http://www.example.com/1.html then web browser will simply query to example.com web server for the page 1.html. Next time if you type page as http://www.example.com/2.html then new request is send to example.com web server for sending 2.html page and web server don’t know anything about to whom the previous page 1.html served.
What if you want the previous history of this user communication with the web server? You need to maintain the user state and interaction between web browser and web server somewhere. This is where cookie comes into picture. Cookies serve the purpose of maintaining the user interactions with web server.
How cookies work?
To exchange information files on the web, the HTTP protocol is used. There are two types of HTTP protocol: Stateless HTTP and Stateful HTTP protocol.
Stateless system
A stateless system has no record of previous interactions and each interaction request has to be handled based entirely on the information comes with it. For eg, if we enter http://www.example.com/sample.html into our web browser’s address bar and press Enter, then conversation between the browser and the example.com web server goes like this : Web browser will simply query to example.com web server for the page sample.html.
Once the browser receives the last byte of information using HTTP, the example.com web server essentially forgets about the request data. If now, we send some other request to the web server, it will execute upon the request, without memory of the earlier request. It does not need to remember the earlier request for the response of the new request. This isn’t bad for example.com website; no harm, no foul.
Stateful system
Are there are cases where state does matter for a web based system? The answer is YES, and here comes the Stateful system. Stateful HTTP protocols do keep some history of previous web browser and web server interactions and this protocol is used by cookies to maintain the user interactions.
Whenever user visits the site or page that is using cookie, small code inside that HTML page writes a text file on users machine called cookie. When user visits the same page or domain later time this cookie is read from disk and used to identify the second visit of the same user on that domain. Expiration time is set while writing the cookie. This time is decided by the application that is going to use the cookie.
Applications where cookies are used
Online Ordering Systems: An online ordering system could be developed using cookies that would remember what a person wants to buy, this way if a person spends three hours ordering CDs at your site and suddenly has to get off the net they could quit the browser and return weeks or even years later and still have those items in their shopping basket.
Website Tracking: Site tracking can show you places in your website that people go to and then wander off because they don`t have any more interesting links to hit. It can also give you more accurate counts of how many people have been to pages on your site.
........
Source:
http://www.testinggeek.com/index.php/testing-articles/186-web-application-cookie