an attacker using an intermediary computer or with access to the saved cookies on the victim's computer
2.15 Cookie Hijacking
During normal operation, cookies are sent back and forth between a server (or a group of servers in the same domain) and the computer of the browsing user. Since cookies may contain sensitive information (user name, a token used for authentication, etc.), their values should not be accessible to other computers. Cookie theft is the act of intercepting cookies by an unauthorized party, using means such as sniffing tools and hacking software.
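A defender-side check for the theft paths described above, as an added example that is not part of the original page: it audits `Set-Cookie` headers for the `Secure` and `HttpOnly` attributes and for persistence on disk. The cookie names and header values are constructed samples, and the function names are hypothetical.

```python
from http.cookies import SimpleCookie

# Constructed Set-Cookie header values for illustration (not from the page).
SAMPLE_HEADERS = [
    "PHPSESSID=4f2a9c1e7b; Path=/",
    "auth_token=abc123; Path=/; Secure; HttpOnly",
    "remember_me=u1001; Path=/; Max-Age=2592000; Secure; HttpOnly",
]


def audit_set_cookie(header_value):
    """Parse one Set-Cookie value and return {cookie_name: [findings]}."""
    jar = SimpleCookie()
    jar.load(header_value)
    report = {}
    for name, morsel in jar.items():
        findings = []
        if not morsel["secure"]:
            # Also sent over plain HTTP, so a sniffer on the path can read it.
            findings.append("missing Secure")
        if not morsel["httponly"]:
            # Readable through document.cookie by any script in the page.
            findings.append("missing HttpOnly")
        if morsel["max-age"] or morsel["expires"]:
            # Persistent cookie: kept in the browser's saved cookie store.
            findings.append("persistent")
        report[name] = findings
    return report


def audit_all(header_values):
    """Audit every header; unparseable headers are reported, not skipped."""
    report = {}
    for value in header_values:
        parsed = audit_set_cookie(value)
        if not parsed:
            report[value] = ["unparseable Set-Cookie header"]
        report.update(parsed)
    return report


if __name__ == "__main__":
    for cookie, findings in audit_all(SAMPLE_HEADERS).items():
        print(cookie, "->", ", ".join(findings) or "ok")
```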
2.16 Differences between Cookies and Session
Cookies are a method of saving data from a web page client to another computer (the server), such as a name, a password, or any other data. A session is a method of keeping data between web pages. For example, when you access a first PHP website and enter something, such as a username, a password, or something else, in order to access a second PHP website, the second PHP website does not know whether you are the same person who accessed the first PHP website unless you leave a footstep. In this analogy, the footstep is the session, which maintains data between web pages.
The first difference is the relation between sessions and cookies: a session needs cookies. But sessions do not always use cookies; there are always times when cookies are blocked by many browsers for security reasons. The second difference is the saving place mechanism,