Objective
Over the past few days I have been dealing with vulnerabilities, and the ones that come up most often involve cookies and sessions. This article gives a brief introduction to the four most commonly used cookie attributes, and also lays the groundwork for the follow-up articles.
Enough preamble; let's get straight to the point.
Properties
Path specifies the web pages that the cookie is associated with. Its value can be a directory or a path. If http://www.china.com/test/index.html establishes a cookie, then all pages in the http://www.china.com/test/ directory, and the pages in any subdirectory below that directory, can access this cookie. This means that any page in http://www.china.com/test/test2/test3 can access the cookie created by http://www.china.com/test/index.html.
However, what if http://www.china.com/test/ needs to access the cookies set by http://www.china.com/test/index.html? In that case, we set the Path property of the cookie to "/". When a path is specified, the cookie can be shared by all web pages on the same server that have that path in their URL.
Domain specifies the web server or domain that the cookie is associated with. Its value is a domain name, such as www.china.com. This is an extension of the Path property. What if we want www.china.com to have access to cookies set by bbs.china.com? We can set the Domain property to "china.com" and set the Path property to "/".
Secure specifies how the cookie's value is passed over the network between the user and the web server. The value of this property is either "secure" or null. By default the property is empty, which means that data is passed over an unsecured HTTP connection. If a cookie is marked secure, it is passed to and from the web server over HTTPS or another secure protocol. However, setting the secure property does not mean that others cannot see the cookie stored locally on your machine. In other words, marking the cookie secure only guarantees that the transfer of the cookie to and from the web server is encrypted; the cookie file stored locally is not encrypted. If you want the local cookie encrypted, you need to encrypt the data yourself.
Expires refers to the lifetime of a cookie, or, to be exact, its expiration date. You must use this property if you want the cookie to exist longer than the current browser session. Once the expiration date has passed, the browser automatically deletes the cookie file.
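The four properties combine into one decision the browser makes on every request: is this cookie sent or not? The following is an added example, not code from the original article; it models that decision with the article's URLs. The cookie object shape and the function names are assumptions made for illustration, and the "/" boundary check on Path goes slightly beyond what the text above describes.

```javascript
// Added example: decide whether a browser would attach a cookie to a request.
// The cookie shape { domain, hostOnly, path, secure, expires } is hypothetical.

// Default Path when Set-Cookie carries no Path attribute:
// the directory of the page that set the cookie.
function defaultPath(pathname) {
  const i = pathname.lastIndexOf("/");
  return i <= 0 ? "/" : pathname.slice(0, i);
}

function domainMatches(host, cookie) {
  const d = cookie.domain.toLowerCase().replace(/^\./, "");
  if (cookie.hostOnly) return host === d;       // no Domain attribute: exact host only
  return host === d || host.endsWith("." + d);  // Domain=china.com covers subdomains
}

function pathMatches(reqPath, cookiePath) {
  if (reqPath === cookiePath) return true;
  if (!reqPath.startsWith(cookiePath)) return false;
  // The prefix must end on a "/" boundary so "/test" does not match "/testing".
  return cookiePath.endsWith("/") || reqPath[cookiePath.length] === "/";
}

function cookieIsSent(cookie, requestUrl, now = new Date()) {
  const u = new URL(requestUrl);
  if (cookie.expires && now >= cookie.expires) return false;  // expired: browser drops it
  if (cookie.secure && u.protocol !== "https:") return false; // Secure: HTTPS only
  return domainMatches(u.hostname, cookie) && pathMatches(u.pathname, cookie.path);
}

// Constructed sample data based on the article's URLs.
const NOW = new Date("2024-01-01T00:00:00Z");
// Set by http://www.china.com/test/index.html with no attributes at all.
const testCookie = { domain: "www.china.com", hostOnly: true,
  path: defaultPath("/test/index.html"), secure: false, expires: null };
// Set by bbs.china.com with Domain=china.com; Path=/; Secure; Expires=...
const siteCookie = { domain: "china.com", hostOnly: false, path: "/",
  secure: true, expires: new Date("2024-06-01T00:00:00Z") };

console.log(cookieIsSent(testCookie, "http://www.china.com/test/test2/test3", NOW));
console.log(cookieIsSent(siteCookie, "http://bbs.china.com/", NOW));
```

Widening Domain and Path as in siteCookie makes the cookie reachable from every subdomain and every page, so any session cookie configured that way is only as safe as the weakest host under china.com.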
Conclusion
This article is relatively short and mainly introduces the four common cookie properties. These four properties are nonetheless very important for the security of a web server, and during development we often ignore such "small" things. Many times, ignoring these "small" things brings us unexpected problems, so I emphasize them here, partly as a reminder to myself.
Well, it is getting late and today's work was tiring, so I will say no more and get some rest. Tomorrow and the day after I have to work overtime. So much for a good weekend!
Web Security Combat (IV): About Cookies