HTTP cookie: Difference between revisions

Terminologies: Put back in Super cookie. The original reference says it all, though in a terse technical language. The edit history shows much confusion among editors.
m Super cookie: link Public Suffix List
 
=== Super cookie ===
A super cookie is a cookie whose ___domain is a public suffix<ref name="publicsuffix">The Public Suffix List is an initiative of Mozilla, ...to Avoid privacy-damaging "supercookies" being set for high-level ___domain name suffixes... [http://publicsuffix.org/ Public Suffix List] Mozilla Foundation</ref>, such as <code>.com</code>, <code>.co.uk</code> or <code>k12.ca.us</code> (see [[Public Suffix List]]).
 
Most browsers, by default, allow first-party cookies—a cookie whose ___domain is the requesting host itself or a parent ___domain of it (that is, a ___domain of which the requesting host is a sub-___domain). For example, a user visiting <code>www.example.com</code> can have a cookie set with ___domain <code>www.example.com</code> or <code>.example.com</code>, but not <code>.com</code>.<ref name="bug252342">Fix cookie ___domain checks to not allow .co.uk [https://bugzilla.mozilla.org/show_bug.cgi?id=252342 Mozilla Bug 252342] Mozilla 2004</ref> A super cookie with ___domain <code>.com</code> would be blocked by browsers; otherwise a malicious website, such as <code>attacker.com</code>, could set a super cookie with ___domain <code>.com</code> and potentially disrupt or impersonate legitimate user requests to <code>example.com</code>. Unfortunately, the [[Public Suffix List]] keeps changing: older browser versions will not have the most up-to-date list and will therefore remain vulnerable to certain super cookies.
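The ___domain check described above, written out as an added illustration (this is not code from the article, from Mozilla, or from any browser): it rejects a Domain attribute that is a public suffix, then requires the Domain to cover the requesting host, and a second, stale suffix table shows why an out-of-date list lets a super cookie through. Both suffix tables are constructed excerpts, not the real Public Suffix List.

```python
# Added example (not from the Wikipedia article): a simplified model of the
# cookie-Domain check browsers apply, in the spirit of Mozilla Bug 252342.
# PUBLIC_SUFFIXES is a constructed excerpt, not the real Public Suffix List.
PUBLIC_SUFFIXES = frozenset({"com", "uk", "co.uk", "us", "ca.us", "k12.ca.us"})

# A deliberately stale list, standing in for an older browser whose bundled
# Public Suffix List predates the co.uk and k12.ca.us entries.
STALE_SUFFIXES = frozenset({"com", "uk", "us"})


def _normalize(name: str) -> str:
    """Lower-case a host or Domain value and strip leading/trailing dots."""
    return name.strip().lower().strip(".")


def cookie_domain_verdict(request_host: str, cookie_domain: str,
                          public_suffixes=PUBLIC_SUFFIXES) -> str:
    """Explain whether a cookie's Domain attribute should be honoured.

    Rules modelled here:
      * no Domain attribute       -> host-only cookie, always fine;
      * Domain is a public suffix -> super cookie, reject;
      * otherwise Domain must equal the host or be a parent ___domain of it.
    """
    host = _normalize(request_host)
    ___domain = _normalize(cookie_domain)
    if not ___domain:
        return "accepted: host-only cookie"
    if ___domain in public_suffixes:          # must be tested before the parent check
        return "rejected: public suffix (super cookie)"
    if host == ___domain or host.endswith("." + ___domain):
        return "accepted: ___domain covers " + host
    return "rejected: ___domain is not a parent of " + host


def accept_cookie_domain(request_host: str, cookie_domain: str,
                         public_suffixes=PUBLIC_SUFFIXES) -> bool:
    """Boolean form of cookie_domain_verdict."""
    return cookie_domain_verdict(request_host, cookie_domain,
                                 public_suffixes).startswith("accepted")


if __name__ == "__main__":
    for host, dom in [("www.example.com", ".example.com"),
                      ("attacker.com", ".com"),
                      ("school.k12.ca.us", ".k12.ca.us")]:
        print(f"{host} sets Domain={dom}: {cookie_domain_verdict(host, dom)}")
        print("  with a stale suffix list:",
              cookie_domain_verdict(host, dom, STALE_SUFFIXES))
```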
 
=== Zombie cookie ===