HTTP Cookie / Web cookie / Internet cookie / browser cookie

What is a Cookie
A web server asks the web browser to store some information on the user's PC. The information is stored in a file (called a cookie) that the web browser creates and places on the user's computer.

      Example:
      * _Path:_ "C:\Users\user_name\AppData\Local\Google\Chrome\User Data\Default\Network\Cookie" (SQLite DB)
      * _In Browser:_ Right-click on your browser window > Inspect > Application tab > Cookies > check the stored cookies
      # cat "C:\Users\user_name\AppData\Local\Google\Chrome\User Data\Default\Network\Cookie"
      cookie_name   cookie_value                        domain        path   valid_timestamp            cookie_len   cookie_priority
      cookie_1      lwyMCcUDlsziLcAF/AOF3W1gCBO1aeb291  .google.com   /      2024-10-09T14:58:52.469Z   51           High
    
Why Cookies Are Needed
To track the user's browsing activity (clicking particular buttons, recording which pages were visited in the past, user preferences).
To save information the user entered in forms: names, addresses, passwords (stored as hashes), and payment card numbers.

      Web Browser                                       Web Server
      ---- GET /sample_page.html HTTP/2.0 ---------->
           Host: www.example.org

      <--- HTTP/2.0 200 OK --------------------------
           Content-Type: text/html
           Set-Cookie: yummy_cookie=choco              // store cookie
           Set-Cookie: tasty_cookie=strawberry
           [page content]

      The browser stores the received cookies in its cookie file
      and sends them back on later requests to the same site.
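As an added example (not part of the original notes), a minimal Python model of the browser side of this exchange: it parses the Set-Cookie headers shown above into the fields kept in the cookie file (name, value, domain, path, expiry) and builds the Cookie header for the next request to www.example.org, leaving out expired cookies and cookies set by other sites. The third, already-expired cookie and the clock value are constructed for the demo.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from typing import Optional

@dataclass
class StoredCookie:  # the fields the browser keeps: name, value, domain, path, valid_timestamp
    name: str
    value: str
    domain: str
    path: str
    expires: Optional[datetime]  # None: session cookie, kept only until the browser closes

def parse_set_cookie(header: str, request_host: str) -> StoredCookie:
    """Parse one Set-Cookie value; Domain defaults to the request host, Path to '/' (simplified)."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    domain, path, expires = request_host.lower(), "/", None
    for attr in parts[1:]:
        key, _, val = attr.partition("=")
        key = key.lower()
        if key == "domain":
            domain = val.lstrip(".").lower()
        elif key == "path" and val:
            path = val
        elif key == "expires":
            expires = parsedate_to_datetime(val)  # tz-aware for an HTTP "GMT" date
    return StoredCookie(name.strip(), value, domain, path, expires)

def cookie_header(jar: dict, host: str, path: str, now: datetime) -> str:
    """Build the Cookie request header: only unexpired cookies whose domain and path
    match the request are sent back; cookies set by other sites are never sent."""
    sent = []
    for c in jar.values():
        if c.expires is not None and c.expires <= now:
            continue  # past its valid_timestamp: stays in the file but is not sent
        if (host == c.domain or host.endswith("." + c.domain)) and path.startswith(c.path):
            sent.append(f"{c.name}={c.value}")
    return "; ".join(sent)

def demo() -> str:
    # Constructed sample: the two Set-Cookie lines from the exchange above plus a hypothetical expired one.
    set_cookie_lines = ["yummy_cookie=choco", "tasty_cookie=strawberry",
        "old_cookie=stale; Domain=.example.org; Path=/; Expires=Wed, 09 Oct 2024 14:58:52 GMT"]
    jar = {}  # keyed by (domain, path, name); a repeated Set-Cookie overwrites the entry
    for line in set_cookie_lines:
        c = parse_set_cookie(line, "www.example.org")
        jar[(c.domain, c.path, c.name)] = c
    now = datetime(2025, 1, 1, tzinfo=timezone.utc)
    return cookie_header(jar, "www.example.org", "/sample_page.html", now)
```

Running `demo()` returns only the two still-valid cookies for www.example.org; the expired one stays in the jar but is never sent.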

Cookie Terms

Stolen Cookie

If an attacker steals your cookies and installs them into their own web browser, the attacker gets access to your account, because the server treats whoever presents the cookie as the logged-in user.
How can cookie theft be avoided? Clearing cookies every 7-14 days.

Cookie Surrogate (meaning: substitute)

This feature allows web applications to manage user sessions and authentication for users who are not authenticated or identified. It is useful when multiple users may share the same IP address, such as in terminal server environments or on public networks.
How it works
* Authenticated user: when a user accesses a web application, the application typically checks for an authentication cookie to identify the user. If the cookie is present, the user is treated as authenticated.
* Handling unknown users: if the user is unauthenticated (i.e., no cookie is found), the cookie surrogate mechanism kicks in.
  Instead of blocking access or denying service, the application can apply specific policies for unknown users.
  The application can implement real-time protection policies that dictate which actions unauthenticated users may perform; for instance, it might allow browsing of certain resources while restricting access to sensitive areas.