Search completed in 0.89 seconds.
Using HTTP cookies - HTTP
cookies are mainly used for three purposes: session management logins, shopping carts, game scores, or anything else the server should remember personalization user preferences, themes, and other settings tracking recording and analyzing user behavior
cookies were once used for general client-side storage.
...
cookies are sent with every request, so they can worsen performance (especially for mobile data connections).
... to see stored
cookies (and other storage that a web page can use), you can enable the storage inspector in developer tools and select
cookies from the storage tree.
...And 35 more matches
nsICookieService
netwerk/cookie/public/nsi
cookieservice.idlscriptable provides methods for setting and getting
cookies in the context of a page load.
... var
cookiesvc = components.classes["@mozilla.org/
cookieservice;1"] .getservice(components.interfaces.nsi
cookieservice); notifications this service broadcasts the following notifications when the cookie list is changed, or a cookie is rejected: topic subject data cookie-changed broadcast whenever the cookie list changes in some way.
... batch-deleted a set of
cookies were deleted as part of a purge operation.
...And 13 more matches
Storage access policy: Block cookies from trackers
firefox includes a new storage access policy that blocks
cookies and other site data from third-party tracking resources.
... the storage access policy blocks resources identified as trackers from accessing their
cookies and other site storage when they are loaded in a third-party context.
... this prevents those resources from retrieving tracking identifiers stored in
cookies or site storage and using them to identify users across visits to multiple first parties.
...And 9 more matches
Cookies - Firefox Developer Tools
when you select an origin inside the
cookies storage type from the storage tree, all the
cookies present for that origin will be listed in a table.
... the
cookies table has the following columns: name — the name of the cookie.
...same-site
cookies allow servers to mitigate the risk of csrf and information leakage attacks by asserting that a particular cookie should only be sent with requests initiated from the same registrable domain.
...And 6 more matches
SameSite cookies - HTTP
values the samesite attribute accepts three values: lax
cookies are allowed to be sent with top-level navigations and will be sent along with get request initiated by third party website.
... strict
cookies will only be sent in a first-party context and not be sent along with requests initiated by third party websites.
... none
cookies will be sent in all contexts, i.e sending cross-origin is allowed.
...And 5 more matches
nsICookieStorage
this interface represents the storage repository for
cookies.
... modules/plugin/base/public/nsi
cookiestorage.idlnot scriptable please add a summary to this article.
... last changed in gecko 1.7 inherits from: nsisupports method overview void getcookie(in string acookieurl, in voidptr acookiebuffer, in pruint32ref a
cookiesize); void setcookie(in string acookieurl, in constvoidptr acookiebuffer, in unsigned long a
cookiesize); methods getcookie() retrieves a cookie from the browser's persistent cookie store.
...And 4 more matches
Cookies Preferences in Mozilla
network.cookie.cookiebehavior default value: 0 0 = accept all
cookies by default 1 = only accept from the originating site (block third party
cookies) 2 = block all
cookies by default 3 = use p3p settings (note: this is only applicable to older mozilla suite and seamonkey versions.) 4 = storage access policy: block
cookies from trackers network.cookie.lifetimepolicy default value: 0 0 = accept
cookies normally 1 = prompt for each cookie (prompting was removed in firefox 44) 2 = accept for current session only 3 = accept for n days network.cookie.lifetime.days default value:...
... 90 only used if network.cookie.lifetimepolicy is set to 3 sets the number of days that the lifetime of
cookies should be limited to.
... network.cookie.alwaysacceptsession
cookies default value: false only used if network.cookie.lifetimepolicy is set to 1 true = accepts session
cookies without prompting false = prompts for session
cookies network.cookie.thirdparty.sessiononly default value: false true = restrict third party
cookies to the session only false = no restrictions on third party
cookies network.cookie.maxnumber default value: 1000 configures the maximum amount of
cookies to be stored valid range is from 0-65535, rfc 2109 and 2965 require this to be at least 300 network.cookie.maxperhost default value: 50 configures the maximum amount of
cookies to be stored per host valid range is from 0-65535, rfc 2109 and 2965 require this to be at least 20 network.cookie.disablecookieformailnews default value: true...
...And 3 more matches
Cookies - Archive of obsolete content
reading existing
cookies cookies for a given host, represented as nsicookie2 objects, can be enumerated as such: let enum = services.
cookies.get
cookiesfromhost("example.com"); while (enum.hasmoreelements()) { var cookie = enum.getnext().queryinterface(ci.nsicookie2); dump(cookie.host + ";" + cookie.name + "=" + cookie.value + "\n"); } all
cookies, regardless of host, can be enumerated using services.
cookies.enumerator rather than get
cookiesfromhost().
... services.
cookies.add(".host.example.com", "/cookie-path", "cookie_name", "cookie_value", is_secure, is_http_only, is_session, expiry_date); see also document.cookie nsicookie nsicookie2 nsi
cookieservice nsicookiemanager nsicookiemanager2 http
cookies ...
Cookies in Mozilla
creating a cookie log steps to create and attach a cookie log in order to aid in triaging a bug in
cookies.
...
cookies preferences in mozilla documentation on what the preferences used by the
cookies code actually do.
nsICookieManager2
to create an object implementing this interface: components.utils.import("resource://gre/modules/services.jsm"); var
cookieservice = services.
cookies; method overview void add(in autf8string ahost, in autf8string apath, in acstring aname, in acstring avalue, in boolean aissecure, in boolean aishttponly, in boolean aissession, in print64 aexpiry); boolean cookieexists(in nsicookie2 acookie); unsigned long count
cookiesfromhost(in autf8string ahost); boolean findmatchingcookie(in...
... nsicookie2 acookie, out unsigned long acountfromhost); obsolete since gecko 1.9 nsisimpleenumerator get
cookiesfromhost(in autf8string ahost); void import
cookies(in nsifile acookiefile); methods add() adds a cookie.
... nsi
cookieservice is the normal way to do this.
...And 15 more matches
Set-Cookie - HTTP
to send multiple
cookies, multiple set-cookie headers should be sent in the same response.
... for more information, see the guide on http
cookies.
... __secure- prefix:
cookies names starting with __secure- (dash is part of the prefix) must be set with the secure flag from a secure page (https).
...And 13 more matches
Document.cookie - Web APIs
the document property cookie lets you read and write
cookies associated with the document.
... it serves as a getter and setter for the actual values of the
cookies.
... syntax read all
cookies accessible from this location all
cookies = document.cookie; in the code above all
cookies is a string containing a semicolon-separated list of all
cookies (i.e.
...And 10 more matches
Using XPCOM Components
in fact, virtually all of the functionality that you associate with a browser - navigation, window management, managing
cookies, bookmarks, security, searching, rendering, and other features - is defined in xpcom components and accessed by means of those component interfaces.
...whenever a user accesses the cookie manager dialog to view, organize, or remove
cookies that have been stored on the system, they are using the cookiemanager component behind the scenes.
... the nsicookiemanager interface removeall remove all
cookies from the cookie list.
...And 9 more matches
Index
in fact, virtually all of the functionality that you associate with a browser - navigation, window management, managing
cookies, bookmarks, security, searching, rendering, and other features - is defined in xpcom components and accessed by means of those component interfaces.
...to create an instance, use: 448 nsicookie
cookies, interfaces, interfaces:scriptable, xpcom, xpcom api reference, xpcom interface reference an optional interface for accessing the http or javascript cookie object.
... 449 nsicookie2
cookies, interfaces, interfaces:scriptable, xpcom, xpcom api reference, xpcom interface reference the nsicookie2 interface provides information about a cookie, and extends the nsicookie interface.
...And 9 more matches
Migrating from Firebug - Firefox Developer Tools
they contain a headers, params, response and
cookies panel.
... storage inspector the
cookies panel in firebug displays information related to the
cookies created by a page and allows to manipulate the information they store.
...in contrast to firebug the storage inspector not only allows to inspect
cookies but also other kinds of storages like the local and session storage, the cache and indexeddb databases.
...And 8 more matches
Creating Sandboxed HTTP Connections
introduction starting with gecko 1.8.1 (firefox 2), it is possible to create sandboxed http connections which don't affect the user's
cookies.
... since nsistreamlistener does not cover
cookies, the current channel being used will need to be stored as a global, since another listener will be used for cookie notifications (covered in the next section).
... }) } handling
cookies when sending a request,
cookies that apply to the url are sent with the http request.
...And 7 more matches
Index - Web APIs
876 document.cookie api, dom, document, html dom, js, needsmarkupwork, reference, storage, cookie the document property cookie lets you read and write
cookies associated with the document.
... it serves as a getter and setter for the actual values of the
cookies.
... 877 simple cookie framework
cookies, cookie as
cookies are just specially formatted strings it is sometimes difficult to manage them.
...And 7 more matches
Types of attacks - Web security
the user's browser cannot detect the malicious script is untrustworthy, and so gives it access to any
cookies, session tokens, or other sensitive site-specific information, or lets the malicious script rewrite the html content.
...the variety of attacks based on xss is almost limitless, but they commonly include transmitting private data like
cookies or other session information to the attacker, redirecting the victim to a webpage controlled by the attacker, or performing other malicious operations on the user's machine under the guise of the vulnerable site.
...in this situation, someone includes an image that isn’t really an image (for example in an unfiltered chat or forum), instead it really is a request to your bank’s server to withdraw money: <img src="https://bank.example.com/withdraw?account=bob&amount=1000000&for=mallory"> now, if you are logged into your bank account and your
cookies are still valid (and there is no other validation), you will transfer money as soon as you load the html that contains this image.
...And 5 more matches
XPCOM Examples - Archive of obsolete content
cookies next, we will get a list of
cookies that have been saved in the browser.
...it implements the nsicookiemanager interface which can be used to enumerate over all of the
cookies.
... here is an example which populates a menu list with the names of all of the
cookies set from mozillazine.
...And 4 more matches
Cross-Origin Resource Sharing (CORS) - HTTP
servers can also inform clients whether "credentials" (such as
cookies and http authentication) should be sent with requests.
... requests with credentials the most interesting capability exposed by both xmlhttprequest or fetch and cors is the ability to make "credentialed" requests that are aware of http
cookies and http authentication information.
... in this example, content originally loaded from http://foo.example makes a simple get request to a resource on http://bar.other which sets
cookies.
...And 4 more matches
Storage Inspector - Firefox Developer Tools
cookies — all the
cookies created by the page or any iframes inside of the page.
...
cookies created as a part of response of network calls are also listed, but only for calls that happened while the tool is open.
...for
cookies, the protocol does not differentiate the origin.
...And 3 more matches
Storage Access API - Web APIs
concepts and usage most browsers implement a number of storage access policies that restrict access to
cookies and site data for embedded, cross-origin resources.
... the semantics around third-party cookie blocking policies in particular differ from browser to browser, but the core functionality is similar: cross-origin resources embedded in a third-party context are not given access to the same
cookies and site storage that they would have access to when loaded in a first-party context.
...as an example, federated logins often require access to authentication
cookies stored in first-party storage, and will require the user to sign in on each site separately (or completely break) if those
cookies are not available.
...And 3 more matches
Clear-Site-Data - HTTP
the clear-site-data header clears browsing data (
cookies, storage, cache) associated with the requesting website.
... // single directive clear-site-data: "cache" // multiple directives (comma separated) clear-site-data: "cache", "
cookies" // wild card clear-site-data: "*" directives all directives must comply with the quoted-string grammar.
... "
cookies" indicates that the server wishes to remove all
cookies for the origin of the response url.
...And 3 more matches
HTTP Index - HTTP
45 http
cookies advertising, browser,
cookies,
cookies article, guide, http, history, javascript, privacy, protocols, server, storage, web development, data, request, tracking an http cookie (web cookie, browser cookie) is a small piece of data that a server sends to the user's web browser.
... 68 clear-site-data http, http header, reference, header the clear-site-data header clears browsing data (
cookies, storage, cache) associated with the requesting website.
... 109 cookie
cookies, http, reference, header, request the cookie http request header contains stored http
cookies previously sent by the server with the set-cookie header.
...And 3 more matches
Index - Archive of obsolete content
177
cookies add-ons, code snippets,
cookies, extensions no summary!
...the issue that is commonly overlooked here is that the rss feed could contain some malicious javascript code and it would then execute with the privileges of the extension — meaning that it would get full access to the browser (
cookies, history etc) and to user’s files.
...this includes
cookies, history information, download information, and so forth.
...And 2 more matches
Client-side storage - Learn web development
old school:
cookies the concept of client-side storage has been around for a long time.
... since the early days of the web, sites have used
cookies to store information to personalize user experience on websites.
... these days, there are easier mechanisms available for storing client-side data, therefore we won't be teaching you how to use
cookies in this article.
...And 2 more matches
Website security - Learn web development
if a user clicks the submit button, an http post request will be sent to the server containing the transaction details and any client-side
cookies that the browser associated with the site (adding associated site
cookies to requests is normal browser behavior).
... the server will check the
cookies, and use them to determine whether or not the user is logged in and has permission to make the transaction.
... note: the trick here is that john doesn't need to have access to the user's
cookies (or access credentials).
...And 2 more matches
Navigator.cookieEnabled - Web APIs
navigator.cookieenabled returns a boolean value that indicates whether
cookies are enabled or not.
... note: when the browser is configured to block third-party
cookies, and navigator.cookieenabled is invoked inside a third-party iframe, it returns true in safari, edge spartan and ie (while trying to set a cookie in such scenario would fail).
... note: web browsers may prevent writing certain
cookies in certain scenarios.
...And 2 more matches
Request.credentials - Web APIs
the credentials read-only property of the request interface indicates whether the user agent should send
cookies from the other domain in the case of cross-origin requests.
... syntax var mycred = request.credentials; value a requestcredentials dictionary value indicating whether the user agent should send
cookies from the other domain in the case of cross-origin requests.
... possible values are: omit: never send or receive
cookies.
...And 2 more matches
Index - HTTP
20 clear-site-data http, http header, reference, header the clear-site-data header clears browsing data (
cookies, storage, cache) associated with the requesting website.
... 54 cookie
cookies, http, reference, header, request the cookie http request header contains stored http
cookies previously sent by the server with the set-cookie header.
... 55 cookie2 http, obsolete, reference, header, request the obsolete cookie2 http request header used to advise the server that the user agent understands "new-style"
cookies, but nowadays user agents will use the cookie header instead, not this one.
...And 2 more matches
Client-Server Overview - Learn web development
client-side
cookies.
...
cookies contain session data about the client, including keys that the server can use to determine their login status and permissions/accesses to resources.
... the final line contains information about the client-side
cookies — you can see in this case the cookie includes an id for managing sessions (cookie: sessionid=6ynxs23n521lu21b1t136rhbv7ezngie; ...).
...url parameters or
cookies).
nsICookieManager
an optional interface for accessing or removing the
cookies that are in the cookie list.
...it is implemented by the @mozilla.org/cookiemanager;1 component, but should generally be accessed via services.
cookies method overview void remove(in autf8string ahost, in acstring aname, in autf8string apath, in boolean ablocked, in jsval aoriginattributes); void removeall(); attributes attribute type description enumerator nsisimpleenumerator called to enumerate through each cookie in the cookie list.
... ablocked indicates if
cookies from this host should be permanently blocked.
... removeall() this method is called to remove all
cookies from the cookie list.
Web Console remoting - Firefox Developer Tools
examples: { "from": "conn0.netevent14", "type": "networkeventupdate", "updatetype": "requestheaders", "headers": 10, "headerssize": 425 }, { "from": "conn0.netevent14", "type": "networkeventupdate", "updatetype": "request
cookies", "
cookies": 0 }, { "from": "conn0.netevent14", "type": "networkeventupdate", "updatetype": "requestpostdata", "datasize": 1024, "discardrequestbody": false }, { "from": "conn0.netevent14", "type": "networkeventupdate", "updatetype": "responsestart", "response": { "httpversion": "http/1.1", "status": "304", "statustext": "not modified", "headerssize": 194, ...
..."discardresponsebody": true } }, { "from": "conn0.netevent14", "type": "networkeventupdate", "updatetype": "eventtimings", "totaltime": 1 }, { "from": "conn0.netevent14", "type": "networkeventupdate", "updatetype": "responseheaders", "headers": 6, "headerssize": 194 }, { "from": "conn0.netevent14", "type": "networkeventupdate", "updatetype": "response
cookies", "
cookies": 0 }, { "from": "conn0.netevent14", "type": "networkeventupdate", "updatetype": "responsecontent", "mimetype": "text/css", "contentsize": 0, "discardresponsebody": true } actual headers,
cookies, and bodies are not sent.
... ], "headerssize": 350 } the getrequest
cookies packet: { "to": "conn0.netevent15", "type": "getrequest
cookies" } { "from": "conn0.netevent15", "
cookies": [] } the getresponseheaders packet: { "to": "conn0.netevent15", "type": "getresponseheaders" } { "from": "conn0.netevent15", "headers": [ { "name": "date", "value": "mon, 17 sep 2012 20:05:27 gmt" }, ...
... ], "headerssize": 320 } the getresponse
cookies packet: { "to": "conn0.netevent15", "type": "getresponse
cookies" } { "from": "conn0.netevent15", "
cookies": [] } starting with firefox 19: for all of the header and cookie values in the above packets we use longstringactor grips when the value is very long.
Using the Storage Access API - Web APIs
usage notes the storage access api is designed to allow embedded content to request access to storage that would otherwise be blocked when a user’s browser is set to block all third-party
cookies.
...this is particularly true for document.cookie access, as browsers will often return an empty cookie jar when third-party
cookies are blocked.
... accessing a user's
cookies in an embedded cross-origin iframe in this example we show how an embedded cross-origin <iframe> can access a user’s
cookies under a storage access policy that blocks third-party
cookies.
... first of all, if the <iframe> is sandboxed, the embedding website needs to add the allow-storage-access-by-user-activation sandbox token to allow storage access requests to be successful, along with allow-scripts and allow-same-origin to allow it to call the api, and execute in an origin that can have
cookies: <iframe sandbox="allow-storage-access-by-user-activation allow-scripts allow-same-origin"> ...
HTTP headers - HTTP
cookies, storage, cache) associated with the requesting website.
... max-forwards
cookies cookie contains stored http
cookies previously sent by the server with the set-cookie header.
... set-cookie send
cookies from the server to the user-agent.
... set-cookie2 sends
cookies from the server to the user-agent, but has been obsoleted.
An overview of HTTP - HTTP
but while the core of http itself is stateless, http
cookies allow the use of stateful sessions.
... using header extensibility, http
cookies are added to the workflow, allowing session creation on each http request to share the same context, or the same state.
...basic authentication may be provided by http, either using the www-authenticate and similar headers, or by setting a specific session using http
cookies.
... sessions using http
cookies allows you to link requests with the state of the server.
Proxy - JavaScript
// [{ name: 'firefox', type: 'browser' }, { name: 'seamonkey', type: 'browser' }] console.log(products.types); // ['browser', 'mailer'] console.log(products.number); // 3 a complete traps list example now in order to create a complete sample traps list, for didactic purposes, we will try to proxify a non-native object that is particularly suited to this type of operation: the doc
cookies global object created by the "little framework" published on the document.cookie page.
... /* var doc
cookies = ...
... get the "doc
cookies" object here: https://developer.mozilla.org/docs/dom/document.cookie#a_little_framework.3a_a_complete_
cookies_reader.2fwriter_with_full_unicode_support */ var doc
cookies = new proxy(doc
cookies, { get: function (otarget, skey) { return otarget[skey] || otarget.getitem(skey) || undefined; }, set: function (otarget, skey, vvalue) { if (skey in otarget) { return false; } return otarget.setitem(skey, vvalue); }, deleteproperty: function (otarget, skey) { if (skey in otarget) { return false; } return otarget.removeitem(skey); }, enumerate: function (otarget, skey) { return otarget.keys(); }, ownkeys: function (otarget, skey) { return otarget.keys(); }, has: function (otarget, skey) { return skey in otarget || otarget.hasitem(...
...{ value: vvalue, writable: true, enumerable: true, configurable: false } : undefined; }, }); /*
cookies test */ console.log(doc
cookies.my_cookie1 = 'first value'); console.log(doc
cookies.getitem('my_cookie1')); doc
cookies.setitem('my_cookie1', 'changed value'); console.log(doc
cookies.my_cookie1); specifications specification ecmascript (ecma-262)the definition of 'proxy' in that specification.
net/xhr - Archive of obsolete content
if transmission of
cookies isn't prevented, malicious code could access sensitive data.
... functions forceallowthirdpartycookie(xhr) force relevant
cookies to be sent with this xmlhttprequest even if normally they would not be.
... parameters xhr: xmlhttprequest the xmlhttprequest to allow third-party
cookies for.
Supporting private browsing mode - Archive of obsolete content
this includes
cookies, history information, download information, and so forth.
... when private browsing mode is enabled, temporary, databases are created to be used for
cookies and local storage; these databases are thrown away when private browsing mode is turned off, and the regular databases are re-activated.
... all data related to pages the user has visited, including
cookies and form data.
Cookie - MDN Web Docs Glossary: Definitions of Web-related terms
cookies are used to personalize a user’s web experience with a website.
...a user can customize their web browser to accept, reject, or delete
cookies.
...
cookies can be set and modified at the server level using the set-cookie http header, or with javascript using document.cookie.
Commenting IDL for better documentation
example this is an example of what the sample interface document idl would look like: /** * @brief a make-believe interface that eats and enjoys
cookies.
... * 0 means "stuffed to the brim with
cookies" and 100 means "i'm so empty of *
cookies!
... * * @param language the localization identification indicating the language in * which the cookie monster is to express his love of
cookies.
Blocked: All storage access requests
message firefox: cookieblockedall=request to access
cookies or storage on “x” was blocked because we are blocking all storage access requests.
... a request to access
cookies or storage was blocked because the browser is blocking all storage access.
... the permission can be changed or removed by: going to preferences > content blocking in the custom content blocking section, selecting a value other than all
cookies for the
cookies item if the resource that is being blocked doesn't need authentication, you can fix the warning message by adding a crossorigin="anonymous" attribute to your element.
Blocked: Custom cookie permission
message firefox: cookieblockedbypermission=request to access
cookies or storage on “x” was blocked because of custom cookie permission.
... a request to access
cookies or storage was blocked because there's a custom user-defined permission set.
... the permission can be changed or removed by: going to preferences > content blocking >
cookies and site data clicking on the manage permissions button and updating the listed exceptions ...
Blocked: All third-party storage access requests
message firefox: cookieblockedforeign=request to access
cookies or storage on “x” was blocked because we are blocking all third-party storage access requests and content blocking is enabled.
... a request to access
cookies or storage was blocked because it came from a third-party (a different origin) and content blocking is enabled.
... the permission can be changed or removed by: going to preferences > content blocking and either adding an exception with the manage exceptions… button choosing the custom content blocking and unchecking the
cookies checkbox if the resource that is being blocked doesn't need authentication, you can fix the warning message by adding a crossorigin="anonymous" attribute to the relevant element.
nsICookiePermission
methods canaccess() tests whether or not the given uri/channel may access the cookie database, either to set or get
cookies.
... nscookieaccess canaccess( in nsiuri auri, in nsiuri afirsturi, obsolete since gecko 1.9 in nsichannel achannel ); parameters auri the uri trying to access
cookies.
...nsiuri getoriginatinguri( in nsichannel achannel ); parameters achannel the channel for the load trying to get or set
cookies.
nsICookiePromptService
last changed in gecko 1.9 (firefox 3) inherits from: nsisupports method overview long cookiedialog(in nsidomwindow parent, in nsicookie cookie, in acstring hostname, in long
cookiesfromhost, in boolean changingcookie, out boolean rememberdecision); constants constant value description deny_cookie 0 holds the value for a denying the cookie.
... long cookiedialog( in nsidomwindow parent, in nsicookie cookie, in acstring hostname, in long
cookiesfromhost, in boolean changingcookie, out boolean rememberdecision ); parameters parent the parent window for the dialog.
...
cookiesfromhost the number of
cookies there are already for this host.
Mozilla
cookies in mozilla suggestions as to needed documentation can be directed to mike connor.
...
cookies preferences in mozilla these preferences apply to most mozilla products (including firefox and seamonkey), however they are application-specific, so not all of them may apply to you.
... creating sandboxed http connections starting with gecko 1.8.1 (firefox 2), it is possible to create sandboxed http connections which don't affect the user's
cookies.
Index - Firefox Developer Tools
105 storage inspector
cookies, dev tools, firefox, guide, indexeddb, local storage, session storage, storage, tools the storage inspector enables you to inspect various types of storage that a web page can use.
...for each resource, you'll see: 107
cookies cookies, dev tools, firefox, guide, storage, storage inspector, tools, l10n:priority when you select an origin inside the
cookies storage type from the storage tree, all the
cookies present for that origin will be listed in a table.
... the
cookies table has the following columns: 108 extension storage dev tools, extension storage, firefox, guide, storage, storage inspector, tools, l10n:priority this storage type is only shown when debugging extensions.
Network request details - Firefox Developer Tools
the tabs at the top of this pane enable you to switch between the following pages: headers messages (only for websocket items)
cookies params response cache timings security (only for secure pages) stack trace (only when the request has a stack trace, e.g.
...
cookies tab this tab lists full details of any
cookies sent with the request or response: as with headers, you can filter the list of
cookies displayed.
... the full list of cookie attributes is shown—see the following screenshot showing response
cookies with further attributes shown.
Using Fetch - Web APIs
fetch() won't can receive cross-site
cookies; you can’t can establish a cross site session using fetch.
... fetch won’t send
cookies, unless you set the credentials init option.
...similarly, inserting set-cookie into a response header is not allowed: serviceworkers are not allowed to set
cookies via synthesized responses.
Fetch API - Web APIs
fetch() won't can receive cross-site
cookies; you can’t can establish a cross site session using fetch.
... fetch() won’t send
cookies, unless you set credentials: 'same-origin'.
... if you are targetting older versions of these browsers, be sure to include credentials: 'same-origin' init option on all api requests that may be affected by
cookies/user login state.
Browser storage limits and eviction criteria - Web APIs
we term them "quota clients" in this context: indexeddb asm.js caching cache api
cookies note: in firefox, web storage will soon start to use the same storage management tools too, as described in this document.
...local storage data and
cookies are still stored, but they are ephemeral — the data is deleted when you close the last private browsing window.
...this will only be evicted if the user chooses to (for example, in firefox you can choose to delete all stored data or only stored data from selected origins by going to preferences and using the options under privacy & security >
cookies & site data).
XMLHttpRequest.withCredentials - Web APIs
the xmlhttprequest.withcredentials property is a boolean that indicates whether or not cross-site access-control requests should be made using credentials such as
cookies, authorization headers or tls client certificates.
... in addition, this flag is also used to indicate when
cookies are to be ignored in the response.
...the third-party
cookies obtained by setting withcredentials to true will still honor same-origin policy and hence can not be accessed by the requesting script through document.cookie or from response headers.
Link prefetching FAQ - HTTP
privacy implications along with the referral and url-following implications already mentioned above, prefetching will generally cause the
cookies of the prefetched site to be accessed.
... (for example, if you google amazon, the google results page will prefetch www.amazon.com, causing amazon
cookies to be sent back and forth.
... you can block 3rd party
cookies in firefox, see disabling third party
cookies.) what about...?
Source code directories overview - Archive of obsolete content
these include:
cookies, irc, wallet, dom inspector, p3p, schema validation, spellchecker, transformiix, typeaheadfind, javascript debugger, xforms, etc.
... components contains the alerts, autocomplete, command line interface, console,
cookies, download manager, filepicker, history, password manager, typeaheadfind, view source, etc.
XUL accessibility guidelines - Archive of obsolete content
for example, under the privacy section of preferences there are three groupboxes captioned: history,
cookies, and private data.
... if the user were to tab to the "exceptions..." button they would hear "
cookies {pause} exceptions {pause} button." the next tab would read "
cookies {pause} keep until {pause} they expire {pause} one of three {pause} combobox." if the screen reader only read the label, then the user would have to guess what the "exceptions" button or the "keep until" combobox was referring to.
NPN_GetValueForURL - Archive of obsolete content
« gecko plugin api reference « browser side plug-in api summary provides information to a plugin which is associated with a given url, for example the
cookies or preferred proxy.
... when multiple
cookies are returned for a given url, the format of the return value is: cookie1=value1;cookie2=value2;cookie3=value3 len out parameter.
NPN_SetValueForURL - Archive of obsolete content
« gecko plugin api reference « browser side plug-in api summary allows a plugin to change the stored information associated with a url, in particular its
cookies.
... description this entry point is designed to allow plugins to affect the
cookies sent by the browser back to the server.
NPAPI plugin reference - Archive of obsolete content
npn_getvalueforurl provides information to a plugin which is associated with a given url, for example the
cookies or preferred proxy.
... npn_setvalueforurl allows a plugin to change the stored information associated with a url, in particular its
cookies.
Introduction to the server side - Learn web development
the request includes a url identifying the affected resource, a method that defines the required action (for example to get, delete, or post the resource), and may include additional information encoded in url parameters (the field-value pairs sent via a query string), as post data (data sent by the http post method), or in associated
cookies.
...this information is an example of session information stored in
cookies.
Embedding API for Accessibility
us (or will give us), for accessibility: functionality implementation works as of images setintpref("network.image.imagebehavior", behavior); /* behavior: 0=accept, 1=accept images from originating server only, 2=no images */ moz 0.8
cookies setintpref("network.cookie.cookiebehavior", behavior); /* behavior: 0=accept, 1=accept
cookies from originating server only, 2=no
cookies */ setboolpref("network.cookie.warnabout
cookies", boolwarn); moz 0.8 fonts setcharpref("font.name.monospace.x-we...
... we have a permissions system for
cookies and images based on url's.
Blocked: Storage access requests from trackers
message firefox: cookieblockedtracker=request to access
cookies or storage on “x” was blocked because it came from a tracker and content blocking is enabled.
... a request to access
cookies or storage was blocked because the browser identified it as coming from a tracker and content blocking is enabled.
HTMLIFrameElement.purgeHistory()
it only deletes history, not
cookies or other stored information.
... note: to delete
cookies for a firefox os app, you could call clearbrowserdata() on the actual app itself.
Localization content best practices
as a native english speaker, you might find it natural to use delete-cookie = delete cookie delete-
cookies = delete
cookies in firefox this should be # localization note (delete-
cookies): semi-colon list of plural forms.
... # see: http://developer.mozilla.org/en/docs/localization_and_plurals # #1 is the number of
cookies to delete # example: delete-
cookies = delete #1 cookie;delete #1
cookies important: always include the localization note with this format if you use a plural form in firefox.
Mozilla Web Services Security Model
please do not depend on anything in it being correct for security.) to prevent the browser from being used as a tool for web sites to obtain priveleges that belong to the browser's user (such as being behind a firewall or getting the benefits of the user's
cookies), web browsers restrict what web pages can do when accessing things in other domains.
... allow all services on a site to be accessed from any web page note that this is only a sensible thing to do if nothing on the site serves content based on
cookies, http authentication, ip address / domain origin, or any other method of authentication.
Observer Notifications
cookies these topics indicate whenever a cookie has been changed (added, changed, cleared, or deleted) or its setting rejected by the browser.
... see nsi
cookieservice for details.
nsICookieConsent
ns
cookiestatus getconsent( in nsiuri uri, in nsihttpchannel httpchannel, in boolean isforeign, out nscookiepolicy policy ); parameters uri the uri to find the policy for.
... return value returns ns
cookiestatus.
nsISessionStore
note: the returned string does not include
cookies.
... if you need to retrieve
cookies as well, you should use getwindowstate() instead.
nsIWebBrowserPersist
persist_flags_force_allow_
cookies 65536 force relevant
cookies to be sent with this load even if normally they wouldn't be.
...
cookies, permanent cache, etc.) null must only be passed in the event that no such relevant context exists (ie.
Browser Side Plug-in API - Plugins
npn_getvalueforurl provides information to a plug-in which is associated with a given url, for example the
cookies or preferred proxy.
... npn_setvalueforurl allows a plug-in to change the stored information associated with a url, in particular its
cookies.
Gecko Plugin API Reference - Plugins
npn_getvalueforurl provides information to a plug-in which is associated with a given url, for example the
cookies or preferred proxy.
... npn_setvalueforurl allows a plug-in to change the stored information associated with a url, in particular its
cookies.
Basic concepts - Web APIs
<iframe> content) can access the indexeddb store for the origin it is embedded into, unless the browser is set to never accept third party
cookies (see bug 1147821.) definitions this section defines and explains terms used in the indexeddb api.
...many browsers have settings that let users wipe all data stored for a given website, including
cookies, bookmarks, stored passwords, and indexeddb data.
Web Storage API - Web APIs
the web storage api provides mechanisms by which browsers can store key/value pairs, in a much more intuitive fashion than using
cookies.
... note: access to web storage from third-party iframes is denied if the user has disabled third-party
cookies (firefox implements this behaviour from version 43 onwards.) note: web storage is not the same as mozstorage (mozilla's xpcom interfaces to sqlite) or the session store api (an xpcom storage utility for use by extensions).
XMLHttpRequest() - Web APIs
most important, this means that
cookies will not be sent unless explicitly added using setrequestheader.
...this can't be combined with sending
cookies or other user credentials.
<img>: The Image Embed element - HTML: Hypertext Markup Language
allowed values: anonymous a cors request is sent with credentials omitted (that is, no
cookies, x.509 certificates, or authorization request header).
... use-credentials the cors request is sent with any credentials included (that is,
cookies, x.509 certificates, and the authorization request header).
Cookie - HTTP
the cookie http request header contains stored http
cookies previously sent by the server with the set-cookie header.
... the cookie header is optional and may be omitted if, for example, the browser's privacy settings block
cookies.
Set-Cookie2 - HTTP
the obsolete set-cookie2 http response header used to send
cookies from the server to the user agent, but has been deprecated by the specification.
...<non-zero-digit> set-cookie2: <cookie-name>=<cookie-value>; path=<path-value> set-cookie2: <cookie-name>=<cookie-value>; port=<port-number> set-cookie2: <cookie-name>=<cookie-value>; secure set-cookie2: <cookie-name>=<cookie-value>; version=<version-number> // multiple directives are also possible, for example: set-cookie2: <cookie-name>=<cookie-value>; domain=<domain-value>; secure // multiple
cookies are seperated by a comma set-cookie2: <cookie-name>=<cookie-value>, <cookie-name>=<cookie-value>, ...
431 Request Header Fields Too Large - HTTP
this lets users attempt to fix the problem, such as by clearing their
cookies.
... servers will often produce this status if: the referer url is too long there are too many
cookies sent in the request status 431 request header fields too large specifications specification title rfc 6585, section 5: 431 request header fields too large additional http status codes ...
Mixed content - Web security
in the case of passive content, the threat is lower (the page may contain misleading content, or the user's
cookies may be stolen).
...if the webpage is public and has no sensitive data about the user, using mixed active content still provides the attacker with the opportunity to redirect the user to other http pages and steal http
cookies from those sites.
request - Archive of obsolete content
se to be interpreted as latin-1, use overridemimetype: var request = require("sdk/request").request; var quijote = request({ url: "http://www.latin1files.org/quijote.txt", overridemimetype: "text/plain; charset=latin1", oncomplete: function (response) { console.log(response.text); } }); quijote.get(); anonymous boolean if true, the request will be sent without
cookies or authentication headers.
Code snippets - Archive of obsolete content
browser-oriented code tabbed browser code (firefox/seamonkey) basic operations, such as page loading, with the tabbed browser, which is the heart of mozilla's browser applications
cookies reading, writing, modifying, and removing
cookies page loading code used to load pages, reload pages, and listen for page loads interaction between privileged and non-privileged code how to communicate from extensions to websites and vice-versa.
Index of archived content - Archive of obsolete content
ooting unit testing using xpcom without chrome using third-party modules (jpm) bootstrapped extensions code snippets alerts and notifications autocomplete bookmarks boxes canvas code snippets
cookies customizing the download progress bar delayed execution dialogs and prompts downloading files drag & drop embedding svg examples and demos from articles file i/o finding window handles forms related code snippets html in xul for rich tooltips html to dom ...
MenuButtons - Archive of obsolete content
<toolbarbutton type="menu" image="
cookies.png"> <menupopup> <menuitem label="block
cookies" type="checkbox"/> <menuitem label="clear
cookies"/> </menupopup> </toolbarbutton> the 'menu-button' button the 'menu-button' type of button is used when you want to attach a menu to a button but want to have a default action carried out when the button is pressed by itself.
Session Hijacking - MDN Web Docs Glossary: Definitions of Web-related terms
protection against session hijacking create a secure communication channel with ssh (secure shell) pass authentication
cookies over https connection implement logout functionality so the user can end the session generate the session id after successful login pass encrypted data between the users and the web server use a string or long random number as a session key learn more general knowledge session hijacking on wikipedia ...
Making decisions in your code — conditionals - Learn web development
tay in my home country and work on my father's farm, or should i move to america and study astrophysics?") conditional statements allow us to represent such decision making in javascript, from the choice that must be made (for example, "one cookie or two"), to the resulting outcome of those choices (perhaps the outcome of "ate one cookie" might be "still felt hungry", and the outcome of "ate two
cookies" might be "felt full, but mom scolded me for eating all the
cookies".) if...else statements let's look at by far the most common type of conditional statement you'll use in javascript — the humble if...else statement.
Implementing feature detection - Learn web development
if you look at the dom inspector of your browser's developer tools, you'll see that modernizr has updated your <html> class value like so: <html class="js no-htmlimports sizes flash transferables applicationcache blobconstructor blob-constructor
cookies cors ...and loads more values!> it now contains a large number of classes that indicate the support status of different technology features.
Index
170 storage access policy: block
cookies from trackers privacy, storage access policy, tracking protection firefox includes a new storage access policy that blocks
cookies and other site data from third-party tracking resources.
Errors
you can find further information about them by clicking on the links below: a request to access
cookies or storage was blocked because of a custom cookie permission blocked because it came from a tracker and content blocking is enabled blocked because we are blocking all storage access requests blocked because we are blocking all third-party storage access requests and content blocking is enabled granted partitioned access because it came from a third-party and dynamic first-party isolation is enabled ...
Tracking Protection
if tracking
cookies were present, you would be able to view the list by clicking on "blocking tracking
cookies" in the above image to view the following popup: you can click "manage content blocking" to change the blocking settings: how does firefox choose what to block?
Privacy
storage access policy: block
cookies from trackerstracking protection ...
Firefox Operational Information Database: SQLite
in the manager, select the database you want to explore in the '(select profile database)' pulldown, click 'go', select one of the tables listed in the left column and see the current contents of the database in the 'browse & search' tab.) some databases are used by the browser itself, others are used by applications that you have installed or used; for example: content-prefs.sqlite
cookies.sqlite download.sqlite formhistory.sqlite persmissions.sqlite places.sqlite search.sqlite signons.sqlite webappstore.sqlite ...
Browser API
htmliframeelement.purgehistory() clears all the resources (
cookies, localstorage, cache, etc.) associated with the browser <iframe>.
Services.jsm
ation shell service blocklist nsiblocklistservice blocklist service cache nsicacheservice cache service cache2 nsicachestorageservice cache storage service clipboard nsiclipboard clipboard console nsiconsoleservice error console service contentprefs nsicontentprefservice content preferences service
cookies nsicookiemanager2 cookie manager 2 service cpmm nsimessagesender child process message manager4 crashmanager crashmanager.jsm dirsvc nsidirectoryservice nsiproperties directory service domstoragemanager nsidomstoragemanager dom storage manager domrequest nsidomrequestservice domrequest service download...
JS::CompileOptions
this allows an attack by which a malicious website loads a sensitive file (say, a bank statement) cross-origin (using the user's
cookies), and sniffs the generated syntax errors (via a window.onerror handler) for juicy morsels of its contents.
JSErrorReport
this allows an attack by which a malicious website loads a sensitive file (say, a bank statement) cross-origin (using the user's
cookies), and sniffs the generated syntax errors (via a window.onerror handler) for juicy morsels of its contents.
nsICookie
status ns
cookiestatus holds the p3p status of cookie.
nsICookie2
note: that expiry time will also be honored for session
cookies; thus, whichever is the more restrictive of the two will take effect.
getFile
dir "tmpls" ns_win_common_startmenu_dir "cmstrt" ns_win_common_programs_dir "cmprgs" ns_win_common_startup_dir "cmstrt" ns_win_common_desktop_directory "cmdeskp" ns_win_appdata_dir "appdata" ns_win_local_appdata_dir "localappdata" ns_win_printhood "prnthd" ns_win_
cookies_dir "cookd" available on unix only these locations are supported only on unix builds of firefox os.
nsIDocShell
internal_load_flags_force_allow_
cookies 0x20 used to indicate that load_flags_force_allow_
cookies was passed as one of the flags to loaduri().
nsIHttpChannel
this method allows, for example, the
cookies module to add "cookie" headers to the outgoing http request.
nsIHttpChannelInternal
forceallowthirdpartycookie boolean force relevant
cookies to be sent with this load even if normally they would not be.
nsIPermission
the nsipermission interface defines a "permission" object, which is used to allow or block objects (for example
cookies, images) from certain sites based on user preferences.
nsIPermissionManager
the nsipermissionmanager interface is used to persistently store permissions for different object types (
cookies, images, and so on) on a site-by-site basis.
nsIPrivateBrowsingService
in addition, temporary, databases are created to be used for
cookies and local storage; these databases are thrown away when private browsing mode is turned off, and the regular databases are re-activated.
nsIScriptableIO
for example: io.getfile("profile", "
cookies.txt"); from an xpcom component, however, you will need to get a reference as with other components: var scriptableio = components.classes["@mozilla.org/io/scriptable-io;1"] .getservice(); scriptableio.getfile("profile", "
cookies.txt"); method overview nsifile getfile(in astring alocation, in astring afilename); nsifile getfilewithpath(...
nsIXMLHttpRequest
for instance, as done in example 2, the flag of load_anonymous is added, this strips all user data (
cookies, tokens, etc).
XPCOM Interface Reference
sicontentprefnsicontentprefcallback2nsicontentprefobservernsicontentprefservicensicontentprefservice2nsicontentsecuritypolicynsicontentsniffernsicontentviewnsicontentviewmanagernsicontentviewernsicontrollernsicontrollersnsiconverterinputstreamnsiconverteroutputstreamnsicookiensicookie2nsicookieacceptdialognsicookieconsentnsicookiemanagernsicookiemanager2nsicookiepermissionnsicookiepromptservicensi
cookieservicensi
cookiestoragensicrashreporternsicryptohmacnsicryptohashnsicurrentcharsetlistenernsicyclecollectorlistenernsidbchangelistenernsidbfolderinfonsidnslistenernsidnsrecordnsidnsrequestnsidnsservicensidomcanvasrenderingcontext2dnsidomchromewindownsidomclientrectnsidomdesktopnotificationnsidomdesktopnotificationcenternsidomelementnsidomeventnsidomeventgroupnsidomeventlistenernsidomeventtargetnsid...
XPCOM Interface Reference by grouping
nsiprotocolproxycallback nsiprotocolproxyfilter nsiprotocolproxyservice nsiproxyinfo preferences nsiiniparser nsiiniparserfactory nsiprefbranch nsiprefbranch2 nsipreflocalizedstring nsiprefservice nsistringbundle nsistringbundleservice security
cookies nsicookie nsicookie2 nsicookieacceptdialog nsicookieconsent nsicookiemanager nsicookiemanager2 nsicookiepermission nsicookiepromptservice nsi
cookieservice nsi
cookiestorage nsisessionstore crypto nsicryptohash ...
Index
18
cookies in thunderbird
cookies, guide, thunderbird in versions of thunderbird prior to 3 the cookie policy was very restrictive (to rss only).
Firefox Developer Tools
storage inspector inspect
cookies, local storage, indexeddb, and session storage present in a page.
Cache - Web APIs
console.error(' error in fetch handler:', error); throw error; }); }) ); }); storing
cookies in caches the fetch api requires set-cookie headers to be stripped before returning a response object from fetch().
Document.lastModified - Web APIs
here is a possible example of how to show an alert message when the page changes (see also: javascript
cookies api): if (date.parse(document.lastmodified) > parsefloat(document.cookie.replace(/(?:(?:^|.*;)\s*last_modif\s*\=\s*([^;]*).*$)|^.*$/, "$1") || "0")) { document.cookie = "last_modif=" + date.now() + "; expires=fri, 31 dec 9999 23:59:59 gmt; path=" + location.pathname; alert("this page has changed!"); } …the same example, but skipping the first visit: var nlastvisit = parsefloat(document...
Document.requestStorageAccess() - Web APIs
grant the document access to
cookies and other site storage and store that fact for the purposes of future calls to document.hasstorageaccess() and requeststorageaccess().
Document - Web APIs
document.cookie returns a semicolon-separated list of the
cookies for that document or sets a single cookie.
The HTML DOM API - Web APIs
among the things added to document by the html standard are: support for accessing various information provided by the http headers when loading the page, such as the location from which the document was loaded,
cookies, modification date, referring site, and so forth.
Using IndexedDB - Web APIs
<iframe> content) cannot access indexeddb if the browser is set to never accept third party
cookies (see bug 1147821.) warning about browser shutdown when the browser shuts down (because the user chose the quit or exit option), the disk containing the database is removed unexpectedly, or permissions are lost to the database store, the following things happen: each transaction on every affected database (or all open databases, in the case of browser shutdown) is aborted with an aborterror.
MediaDeviceInfo - Web APIs
it is reset when the user clears
cookies (for private browsing, a different identifier is used that is not persisted across sessions).
Navigator.sendBeacon() - Web APIs
window.addeventlistener("unload", function logdata() { navigator.sendbeacon("/log", analyticsdata); }); the beacon sends an http request via the post method, with all relevant
cookies available when called.
NavigatorStorage - Web APIs
there are many apis which provide ways for web content to store data on a user's computer, including
cookies, the web storage api (window.localstorage and window.sessionstorage), and indexeddb.
ParentNode.replaceChildren() - Web APIs
this html might look something like this: <h2>party food option list</h2> <main> <div> <label for="no">no thanks!</label> <select id="no" multiple size="10"> <option>apples</option> <option>oranges</option> <option>grapes</option> <option>bananas</option> <option>kiwi fruits</option> <option>chocolate
cookies</option> <option>peanut
cookies</option> <option>chocolate bars</option> <option>ham sandwiches</option> <option>cheese sandwiches</option> <option>falafel sandwiches</option> <option>ice cream</option> <option>jelly</option> <option>carrot sticks and houmous</option> <option>margherita pizza</option> <option>pepperoni pizza</option> ...
Window.open() - Web APIs
this function is the lonely key to get back the handle on a window if the developer has access only to its name (the name can be saved with
cookies or local storage but not the window object handle).
Window.sessionStorage - Web APIs
opening a page in a new tab or window creates a new session with the value of the top-level browsing context, which differs from how session
cookies work.
XMLHttpRequest - Web APIs
xmlhttprequest.withcredentials is a boolean that indicates whether or not cross-site access-control requests should be made using credentials such as
cookies or authorization headers.
HTML attribute: crossorigin - HTML: Hypertext Markup Language
the "anonymous" keyword means that there will be no exchange of user credentials via
cookies, client-side ssl certificates or http authentication as described in the terminology section of the cors specification, unless it is in the same origin.
<figure>: The Figure with Optional Caption element - HTML: Hypertext Markup Language
iful mdn logo."> <figcaption>mdn logo</figcaption> </figure> code snippets <figure> <figcaption>get browser details using <code>navigator</code>.</figcaption> <pre> function navigatorexample() { var txt; txt = "browser codename: " + navigator.appcodename + "; "; txt+= "browser name: " + navigator.appname + "; "; txt+= "browser version: " + navigator.appversion + "; "; txt+= "
cookies enabled: " + navigator.cookieenabled + "; "; txt+= "platform: " + navigator.platform + "; "; txt+= "user-agent header: " + navigator.useragent + "; "; console.log("navigatorexample", txt); } </pre> </figure> quotations <figure> <figcaption><cite>edsger dijkstra:</cite></figcaption> <blockquote>if debugging is the process of removing software bugs, then programming must be the...
Content Security Policy (CSP) - HTTP
a complete data transmission security strategy includes not only enforcing https for data transfer, but also marking all
cookies with the secure attribute and providing automatic redirects from http pages to their https counterparts.
Access-Control-Allow-Headers - HTTP
* (wildcard) the value "*" only counts as a special wildcard value for requests without credentials (requests without http
cookies or http authentication information).
Access-Control-Allow-Methods - HTTP
* (wildcard) the value "*" only counts as a special wildcard value for requests without credentials (requests without http
cookies or http authentication information).
Access-Control-Expose-Headers - HTTP
* (wildcard) the value "*" only counts as a special wildcard value for requests without credentials (requests without http
cookies or http authentication information).
Cookie2 - HTTP
the obsolete cookie2 http request header used to advise the server that the user agent understands "new-style"
cookies, but nowadays user agents will use the cookie header instead, not this one.
Redirections in HTTP - HTTP
…while chrome displays: this webpage has a redirect loop in both cases, the user can't do much (unless a corruption is happening on their side, like a mismatch of cache or
cookies).
HTTP resources and specifications - HTTP
rfc 7234 hypertext transfer protocol (http/1.1): caching proposed standard rfc 5861 http cache-control extensions for stale content informational rfc 8246 http immutable responses proposed standard rfc 7235 hypertext transfer protocol (http/1.1): authentication proposed standard rfc 6265 http state management mechanism defines
cookies proposed standard draft spec cookie prefixes ietf draft draft spec same-site
cookies ietf draft draft spec deprecate modification of 'secure'
cookies from non-secure origins ietf draft rfc 2145 use and interpretation of http version numbers informational rfc 6585 additional http status codes proposed standard r...
HTTP
http
cookies how
cookies work is defined by rfc 6265.
Subdomain takeovers - Web security
if an attacker can do this, they can potentially read
cookies set from the main domain, perform cross-site scripting, or circumvent content security policies, thereby enabling them to capture protected information (including logins) or send malicious content to unsuspecting users.
Web security
redirection with 301 and 302 response codes to be written data security using http
cookies an http cookie (web cookie, browser cookie) is a small piece of data that a server sends to the user's web browser.