I've noticed that when a server sends a client the cookie values, some sites send such things as username and password in plaintext. But the browser stores it differently. I know that different browsers store cookies in different formats, but how does IE store such cookie values?
Also, iirc, more sophisticated websites enable 'auto-login' for a client without the server ever having to send the password. Or allows the client to login without ever having to send (in plaintext) the password. Does the server send a hashing or encryption algorithm for the browser? Or is it more standardized?
1) It doesn't matter how IE stores cookies, you shouldn't be using IE on the open net.
2) Probably, but without a specific example, there's no way to know for sure. Another possible strategy would be to use the cookie in the canonical sense, such that the data on the client truly is a magic value. That is, the server rolls some completely arbitrary token and saves that with your user record as being a valid login token, then gives you that token for when you come back. As soon as you log out of the site, that token is useless forever-after.
Quote from: Kp on February 05, 2005, 10:46 AM
1) It doesn't matter how IE stores cookies, you shouldn't be using IE on the open net.
You might still want to know how IE stores cookies because, whether or not it *should* be true, the fact is that IE is the most widely-used browser.
Yeah, because people are uninformed and companies refuse to migrate to the far better firefox
Quote from: MyndFyre on February 07, 2005, 05:00 PMYou might still want to know how IE stores cookies because, whether or not it *should* be true, the fact is that IE is the most widely-used browser.
It is more widely used, but that's no reason to permit using it here if he can avoid it.
I was not intending to use IE for my web browsing but merely wondering how a popular browser such as IE would save cookies.
Apparently stealing cookies isn't a necessarily hard task to do, they can pose a big security risk for those of us that keep our sessions open, such as the ones for these forums =\
Quote from: Kp on February 08, 2005, 03:55 PM
Quote from: MyndFyre on February 07, 2005, 05:00 PMYou might still want to know how IE stores cookies because, whether or not it *should* be true, the fact is that IE is the most widely-used browser.
It is more widely used, but that's no reason to permit using it here if he can avoid it.
Just because
you don't use IE, doesn't mean 95% of the people with an internet connection don't. And, obviously, that's reason enough to want to
learn about how a piece of software works.