Extra: Set a Cookie
Not Graded: This activity is not required and is not graded. It may have self-reflection questions, but they are there only for your own learning.
Cookies are small text strings stored by your browser on behalf of websites.
Software: Instructions are for Firefox, but most browsers should work. Note that Firefox blocks third-party cookies, so you will see fewer cookies on Firefox than on Chrome.
Steps
Look at cookies
Start by looking at some cookies for this website. Do the following while the course website is open.
- Open the developer tools (Ctrl-Shift-I)
- Open “Storage” tab
- Open “Cookies” on sidebar.
- Look at all the cookies stored by all UWaterloo websites, not just this page. Try clicking on the various cookies and seeing what is being stored.
  - Name is essentially the variable name of the cookie.
  - Value is the value the cookie is storing.
  - Domain is the website domain associated with this cookie. Note that the browser will only allow websites from this domain to access this cookie.
  - Secure indicates if the cookie must be sent encrypted (https) or if it can be sent without encryption (http) - see FireSheep below.
- Look at the cookies for another website.
Set a cookie
- Download this example website by right-clicking and selecting “Save page as”. It is an HTML page, so if you just click the link it will load in the browser instead. You need to save the text file to your local computer.
- Open the HTML file in the plain text editor of your choice.
- Change “JohnDoe” to any string of your choice.
- Use the steps above to see the content of your cookie.
- Visit a similar Example Cookie Page which picks a random number for you when you first visit. Subsequent visits should show you the same number because the number is stored in a cookie.
- Find 3 ways to make the site “forget” who you are. Try thinking like a normal user; the approaches need not be complex or overly technical.
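The remember-a-number behaviour described above, written out as an added example (this is not the source of the course's example pages). The cookie name luckyNumber, the 0-999 range and the one-day lifetime are assumptions made for illustration.

```javascript
// Added example, not the course page's source. Cookie name, 0-999 range
// and one-day lifetime are assumptions.
const COOKIE_NAME = "luckyNumber";

// Parse a document.cookie-style string ("a=1; b=2") into a name -> value map.
function parseCookies(cookieString) {
  const jar = Object.create(null);
  for (const pair of cookieString.split(";")) {
    const idx = pair.indexOf("=");
    if (idx < 0) continue; // skip empty or malformed fragments
    const name = pair.slice(0, idx).trim();
    let value = pair.slice(idx + 1).trim();
    try { value = decodeURIComponent(value); } catch { /* keep raw value */ }
    if (name) jar[name] = value;
  }
  return jar;
}

// Build the string a page assigns to document.cookie to store a value.
function buildCookie(name, value, { maxAgeSeconds, secure = true } = {}) {
  let out = `${name}=${encodeURIComponent(value)}; Path=/`;
  if (maxAgeSeconds !== undefined) out += `; Max-Age=${maxAgeSeconds}`;
  if (secure) out += "; Secure"; // browser sends it over https only
  return out + "; SameSite=Lax";
}

// One page visit: reuse the stored number, or pick one and ask to store it.
function visit(cookieString, { pickNumber, secure = true } = {}) {
  const pick = pickNumber || (() => Math.floor(Math.random() * 1000));
  const stored = parseCookies(cookieString)[COOKIE_NAME];
  // A cookie is user-editable input: accept it only if it is a plain number.
  if (stored !== undefined && /^\d{1,3}$/.test(stored)) {
    return { number: Number(stored), setCookie: null }; // returning visitor
  }
  const number = pick();
  const setCookie = buildCookie(COOKIE_NAME, String(number), { maxAgeSeconds: 86400, secure });
  return { number, setCookie };
}

// In a browser, wire the same logic to the real cookie store.
if (typeof document !== "undefined") {
  const result = visit(document.cookie, { secure: location.protocol === "https:" });
  if (result.setCookie) document.cookie = result.setCookie;
  console.log("Your number:", result.number);
}
```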
Reflection questions
Learn more
- FireSheep: an old attack where you could steal unencrypted Facebook cookies over wifi at coffee shops and take over other people’s Facebook logins. Facebook was encrypting pages but not cookies at the time.