Banjohunter (talk | contribs) Reverted good faith edits by 182.71.163.6: Not all persistent cookies are used for tracking. In fact, most persistent cookies are used for allowing automatic session establishment when the user returns to a website. (TW)
Line 55:
A "supercookie" is a cookie with an origin of a [[Top-level domain|Top-Level Domain]] (such as <code>.com</code>) or a [[Public Suffix List|Public Suffix]] (such as <code>.co.uk</code>). Ordinary cookies, by contrast, have an origin of a specific domain name, such as <code>example.com</code>.
Supercookies can be a potential security concern and are therefore often blocked by web browsers. If unblocked by the client computer, an attacker in control of a malicious website could set a supercookie and potentially disrupt or impersonate legitimate user requests to another website that shares the same Top-Level Domain or Public Suffix as the malicious website. For example, a supercookie with an origin of <code>.com</code> could maliciously affect a request made to <code>example.com</code>, even if the cookie did not originate from <code>example.com</code>. This can be used to fake logins or change user information.
The [https://publicsuffix.org/learn/ Public Suffix List] helps to mitigate the risk that supercookies pose. The Public Suffix List is a cross-vendor initiative that aims to provide an accurate and up-to-date list of domain name suffixes. Older versions of browsers may not have an up-to-date list, and will therefore be vulnerable to supercookies from certain domains.
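The check a client makes against the Public Suffix List before storing a cookie, as an added example that is not part of the article or of any browser's code. The names <code>PSL_EXCERPT</code>, <code>isPublicSuffix</code> and <code>evaluateCookieDomain</code> are hypothetical, the rule list is a small constructed excerpt, and the matching is simplified to the cases needed here.

```javascript
// Constructed excerpt of Public Suffix List rules; the real list has
// thousands of entries and has to be kept current.
const PSL_EXCERPT = ["com", "uk", "co.uk", "*.ck", "!www.ck"];

// True when `domain` is itself a public suffix under the given rules.
// Simplified: handles exact rules, one-label wildcards and exact exceptions.
function isPublicSuffix(domain, rules = PSL_EXCERPT) {
  const labels = domain.toLowerCase().split(".");
  const name = labels.join(".");
  if (rules.includes("!" + name)) return false;   // exception rule wins
  if (rules.includes(name)) return true;          // exact rule, e.g. "co.uk"
  const parent = labels.slice(1).join(".");
  if (parent && rules.includes("*." + parent)) return true; // wildcard rule
  return labels.length === 1;  // PSL default rule "*": any bare TLD is a suffix
}

// Decide what to do with the Domain attribute of a Set-Cookie header
// received from `requestHost` (hypothetical helper).
function evaluateCookieDomain(requestHost, domainAttr) {
  const host = requestHost.toLowerCase();
  const domain = domainAttr.toLowerCase().replace(/^\./, ""); // drop leading dot
  if (domain === "") return { accept: true, hostOnly: true, domain: host };
  if (isPublicSuffix(domain)) {
    // A site that *is* the suffix may keep a host-only cookie; anything
    // else asking for the suffix is a supercookie and is dropped.
    if (domain === host) return { accept: true, hostOnly: true, domain: host };
    return { accept: false, reason: "public-suffix" };
  }
  // Ordinary domain-match: the host must be the domain or a subdomain of it.
  if (host !== domain && !host.endsWith("." + domain)) {
    return { accept: false, reason: "domain-mismatch" };
  }
  return { accept: true, hostOnly: false, domain };
}

// Constructed sample inputs: (request host, Domain attribute).
for (const [host, attr] of [
  ["evil.com", ".com"],
  ["shop.example.co.uk", "co.uk"],
  ["www.example.com", "example.com"],
  ["evil.com", "example.com"],
]) {
  console.log(host, attr, JSON.stringify(evaluateCookieDomain(host, attr)));
}
```

A client whose rule list lacks an entry such as <code>co.uk</code> would fall through to the ordinary domain-match and accept the cookie, which is the stale-list exposure described above.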