
Question

The web site www.widget.com requires users to supply a user name and a password. This information is encoded into a cookie and sent back to the browser. Whenever the user connects to the Web server, the cookie is sent. This means that the user need only supply a password at the beginning of the session. Whenever the server requests reauthentication, the client simply sends the cookie. The name of the cookie is identif.

(a) Assume that the password is kept in the clear in the cookie. What should the settings of the secure and expires fields be, and why?

(b) Assume that the name and password are hashed, and that the hash is stored in the cookie. What information must the server store to determine the user name associated with the cookie?

(c) Is the cookie storing state or acting as an authentication token, or both? Justify your answer.

Explanation / Answer

(a) A cookie is a small piece of data sent from a website and stored in a user's web browser while the user is browsing that website. Every time the user loads the website, the browser sends the cookie back to the server to notify the website of the user's previous activity.

(b) Cookies can also store passwords and forms a user has previously entered, such as a credit card number or an address. When a user accesses a website with a cookie function for the first time, a cookie is sent from the server to the browser and stored by the browser on the local computer. Later, when that user goes back to the same website, the website will recognize the user because of the stored cookie with the user's information.

(c) Perhaps most importantly, authentication cookies are the most common method used by web servers to know whether the user is logged in or not, and which account they are logged in with. Without such a mechanism, the site would not know whether to send a page containing sensitive information or to require the user to authenticate themselves by logging in.
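The following Python example illustrates the two mechanisms the question is built around: how the Secure and expires attributes are placed on the identif cookie and what they do to the browser's behaviour (part a), and the server-side record that a hashed cookie value forces the server to keep if it is to recover the user name (part b). It is an added example, not part of the original question or answer. The cookie name identif and the host www.widget.com come from the question; the helper names (build_set_cookie, browser_would_send, WidgetServer), the salted SHA-256 construction and the sample account are constructed for this illustration.

```python
"""Added example (not from the original page): cookie attributes for the
identif cookie, and the server-side lookup a hashed cookie requires."""
import email.utils
import hashlib
import hmac
import secrets
from http.cookies import SimpleCookie
from typing import Optional


def build_set_cookie(value: str, expires_at: Optional[float]) -> str:
    """Return the value of a Set-Cookie header for the identif cookie.

    Secure   -> the browser only sends the cookie over HTTPS, so whatever it
                carries (a cleartext password in part a) never crosses a
                plaintext hop.
    HttpOnly -> page scripts cannot read it (defence in depth; not asked by
                the question but standard practice).
    expires  -> omitted: session cookie, discarded when the browser closes;
                given (epoch seconds): the cookie persists on disk until then.
    """
    cookie = SimpleCookie()
    cookie["identif"] = value
    morsel = cookie["identif"]
    morsel["secure"] = True
    morsel["httponly"] = True
    if expires_at is not None:
        morsel["expires"] = email.utils.formatdate(expires_at, usegmt=True)
    return morsel.OutputString()


def browser_would_send(set_cookie: str, over_https: bool) -> bool:
    """Model the browser rule that matters for part (a): a cookie marked
    Secure is withheld from plain http:// requests to the same host."""
    attrs = {a.strip().lower() for a in set_cookie.split(";")[1:]}
    return over_https or "secure" not in attrs


class WidgetServer:
    """Server side of the hashed-cookie variant in part (b).

    The cookie carries H(salt || name || password). The server cannot invert
    that, so the only way to get from a presented cookie back to a user name
    is a table keyed by the hash value, written at login time.
    """

    def __init__(self) -> None:
        self.salt = secrets.token_bytes(16)   # constructed per server instance
        self.hash_to_user = {}                # hash value -> user name
        # Constructed sample account store (name -> password). A production
        # system would hold a slow password hash here, never the password.
        self.accounts = {"alice": "correct horse battery staple"}

    def _digest(self, name: str, password: str) -> str:
        data = self.salt + name.encode() + b"\0" + password.encode()
        return hashlib.sha256(data).hexdigest()

    def login(self, name: str, password: str) -> Optional[str]:
        """Verify the credentials and return the cookie value, or None."""
        stored = self.accounts.get(name)
        if stored is None or not hmac.compare_digest(stored, password):
            return None
        value = self._digest(name, password)
        self.hash_to_user[value] = name       # the record part (b) asks about
        return value

    def user_for_cookie(self, value: str) -> Optional[str]:
        """Reauthentication: look the presented hash up; no inversion needed."""
        return self.hash_to_user.get(value)


if __name__ == "__main__":
    server = WidgetServer()
    token = server.login("alice", "correct horse battery staple")
    print(build_set_cookie(token, None))            # session cookie
    print(build_set_cookie(token, 784111777.0))     # fixed expiry instant
    print(server.user_for_cookie(token), server.user_for_cookie("junk"))
```

Running the block prints the session-cookie and expiring-cookie forms of the Set-Cookie value, then the user name recovered from the hash and None for an unknown value. The lookup table is the whole point of part (b): without it the server holds a hash it cannot reverse and has no way to say which account the cookie belongs to.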