What are Cookies?
Cookies are small pieces of data sent by a website (the one a user is browsing) and stored as small text files on the user's computer. When a user accesses a website that uses cookies for the first time, the server sends a cookie to the browser, which stores it on the local computer. Every time the user loads the same website, the browser sends the stored cookie back to the server, so the website recognizes the user and learns about their previous activity. Websites use cookies to remember login information and other site-specific customizations.
Cookies stored on the computer hold information that allows websites to authenticate a user's identity and speed up transactions. However, cookies can also be accessed by people who are not authorized to do so. If no security measures are in place, an attacker can examine a cookie and obtain an authorized user's information, then use it to gain access to that user's existing accounts.
Different types of cookies:
Session cookies: are stored in the computer's memory for a limited period of time, namely the browsing session. When the browsing session ends, the cookies are automatically deleted from the user's computer, so the next time the user visits that site, the site will not recognize them and treats them as a completely new visitor.
Permanent cookies: are cookies that are not deleted from the user's computer when the browser is closed. They are used to keep track of the user's preferences for a particular site and to remember the user on the next visit.
Flash cookies: the official term for flash cookies is Local Shared Objects. This type of cookie is used to store information related to media, such as video clips. Flash cookies are useful when playing games, as they are a way to save the user's progress. One main drawback of flash cookies is that you cannot easily locate them on your system. By default, a flash cookie can store about 100 kilobytes of user information.
What is Cookie Poisoning?
Cookie poisoning is a technique used by an unauthorized person to access the data in a cookie, usually to steal someone's information saved in that cookie.
By forging a cookie, an attacker can impersonate a legitimate user and gain information about the victim's account or perform actions as the victim.
How to prevent an application from Cookie Poisoning attacks?
To prevent cookie poisoning attacks, cookies should be encrypted, or a digital signature should be created that can be used to validate the cookie's content in all future communications between the sender and the recipient.