CSC/ECE 517 Spring 2015/ch1b 10 GL

From Expertiza_Wiki
Revision as of 01:00, 18 February 2015 by Kgong (talk | contribs)

Encrypted Cookies


Introduction

Background

A cookie, sometimes called an HTTP cookie, web cookie or browser cookie, is a small piece of data stored in the user's web browser while visiting a website. The cookie is set by the web server, and the browser sends it back on later requests to the same site so that the server can recognize the user's previous activity. Cookies were designed to let a web server remember information about the user or record the user's browsing activity (such as clicking a button, logging in, or which pages the user visited earlier). The most common example of this functionality is the shopping cart of an e-commerce site. When you visit one page of a catalog and select some items, the session cookie remembers your selection, so your shopping cart still contains those items when you are ready to check out. Without session cookies, clicking "CHECKOUT" would load a page that knows nothing about your activity on the earlier pages, and your shopping cart would always be empty.

In Rails, you first encounter cookies when learning about sessions, which are one use of cookies: the cookie-based session store is dramatically faster than the alternatives. Cookie-based session storage became the Rails default in 2007, with version 2.0.0. In Rails 2 and Rails 3, the value of the session cookie is a base64-encoded serialized string with a signature appended; the signature prevents tampering, but the session data itself is almost clear text, since anyone holding the cookie can base64-decode it without knowing any secret. In Rails 4, the value of the cookie is an encrypted string. However, if you have access to the source code of the application, you can use the built-in infrastructure to decode the session.
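As an added example (not code from the original page or from Rails itself), here is a simplified Ruby stand-in for the two cookie shapes described above: the Rails 2/3 signed cookie, which can be read without the secret, and the Rails 4 encrypted-then-signed cookie, which cannot. The helper names, the use of JSON in place of Marshal, and the hash-based key derivation are simplifications made for this example, not Rails' own implementation.

```ruby
require 'base64'
require 'json'
require 'openssl'

# Constant-time comparison so the signature check does not leak timing information.
def secure_compare(a, b)
  a.bytesize == b.bytesize && a.bytes.zip(b.bytes).sum { |x, y| x ^ y }.zero?
end

# Rails 2/3 shape: payload + "--" + HMAC-SHA1 hex digest (simplified stand-in for ActiveSupport::MessageVerifier; JSON here, Marshal in Rails 3).
def sign(payload, secret)
  "#{payload}--#{OpenSSL::HMAC.hexdigest('SHA1', secret, payload)}"
end

# Returns the payload when the digest matches, nil otherwise (a tampered cookie is rejected).
def verify(cookie, secret)
  payload, sep, digest = cookie.rpartition('--')
  return nil if sep.empty?
  secure_compare(digest, OpenSSL::HMAC.hexdigest('SHA1', secret, payload)) ? payload : nil
end
def signed_session_cookie(session, secret)
  sign(Base64.strict_encode64(JSON.generate(session)), secret)
end
# Reading a signed cookie needs no secret: the signature stops tampering, not disclosure.
def peek_signed_session(cookie)
  JSON.parse(Base64.decode64(cookie.rpartition('--').first))
end

# Rails 4 shape: AES-256-CBC ciphertext and IV, base64 encoded, then signed as above.
# Simplified stand-in for ActiveSupport::MessageEncryptor; key derived by hashing for brevity.
def aes(secret, mode)
  c = OpenSSL::Cipher.new('aes-256-cbc').public_send(mode)
  c.key = OpenSSL::Digest::SHA256.digest(secret)
  c
end
def encrypted_session_cookie(session, secret)
  c = aes(secret, :encrypt)
  iv = c.random_iv
  data = c.update(JSON.generate(session)) + c.final
  sign(Base64.strict_encode64([data, iv].map { |v| Base64.strict_encode64(v) }.join('--')), secret)
end
# Without the secret the signature check fails first; with it, the ciphertext is decrypted.
def read_encrypted_session(cookie, secret)
  return nil unless (inner = verify(cookie, secret))
  data, iv = Base64.decode64(inner).split('--', 2).map { |v| Base64.decode64(v) }
  c = aes(secret, :decrypt)
  c.iv = iv
  JSON.parse(c.update(data) + c.final)
end
```

Calling peek_signed_session on a signed cookie returns the session hash with no secret at all, while the same attempt on an encrypted cookie yields only ciphertext and read_encrypted_session returns nil for any wrong secret.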

How it works

If you generate a Rails 3.2 application, you will by default see a file at config/initializers/session_store.rb. Its contents look something like:

Demo::Application.config.session_store :cookie_store, key: '_demo_session'

The first thing this line says is to use a cookie (:cookie_store) to store session information. The second is to use _demo_session as the key, that is, the cookie name under which the session data is stored. A single site can set cookies under several different keys; for example, airbnb uses 14 different keys to store cookie data.