LinuxQuestions.org


Eternal_Newbie 01-17-2008 09:35 AM

"Secure" servers leaving cookies on my machine, am I worried about nothing? SOLVED
 
Hi, this is not a question about security on my machine per se, but rather a more general one. I hope that this is the correct forum.

I was cleaning up my cookies like I regularly do (FF 2.0.0.11, Slackware-current, if that's of interest), when I noticed several cookies that as far as I can tell are from servers I almost exclusively connect to using https. Some even were of the form "secure0.websitename.com".

My question, I guess, is: isn't it lax for a secure server to be leaving cookies on your machine? Have I been reading too many scare stories about cookies, or is it one of those "1½ factor security" or "security through insanity" systems they talk about at The DailyWTF?

win32sux 01-17-2008 09:54 AM

There's no reason why you shouldn't have cookies from HTTPS sites. HTTPS is just HTTP tunnelled inside SSL. If a site requires the use of cookies in order to work right, it will almost certainly require them regardless of whether you use HTTP or HTTPS.

EDIT: Sorry, I think I had misunderstood your question. I think you were asking about HTTPS sites which don't clear their cookies when you log out and stuff, right? In those cases, I think the danger really depends on the cookie - or more specifically - the information contained within it. There must also be server-side techniques to make things like cookie-theft hard to accomplish, as evidenced by a serious cookie problem Gmail had (and fixed) a while back.

Eternal_Newbie 01-17-2008 10:18 AM

Yes, that's what I was wondering, why they didn't clear their cookies when I log out. I could have stated it a bit more clearly. It's probably poor housekeeping, as you say. I suppose I will just have to check my cookies more regularly. Thanks for the reply.
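
An added illustration of the logout behaviour discussed in this thread (not code from any poster or from any site mentioned): a cookie that holds only an opaque session id, with the session invalidated on the server at logout, so a copy left in the browser is no longer accepted. The cookie name `sid`, the in-memory `SESSIONS` store and the function names are assumptions made for the example.

```python
import secrets
from http.cookies import SimpleCookie

SESSIONS = {}  # hypothetical server-side store: session id -> username

def login(username):
    """Create a server-side session and return the Set-Cookie header value."""
    sid = secrets.token_urlsafe(32)      # opaque random id; no user data in the cookie
    SESSIONS[sid] = username
    c = SimpleCookie()
    c["sid"] = sid
    c["sid"]["secure"] = True            # browser sends it over HTTPS only
    c["sid"]["httponly"] = True          # not readable by page scripts
    c["sid"]["path"] = "/"
    return c["sid"].OutputString()

def whoami(cookie_header):
    """Resolve a request's Cookie header to a user, or None if the session is unknown."""
    c = SimpleCookie()
    c.load(cookie_header)
    morsel = c.get("sid")
    return SESSIONS.get(morsel.value) if morsel else None

def logout(cookie_header):
    """Invalidate the session on the server and ask the browser to drop the cookie."""
    c = SimpleCookie()
    c.load(cookie_header)
    if "sid" in c:
        SESSIONS.pop(c["sid"].value, None)   # the step that makes a stale cookie useless
    gone = SimpleCookie()
    gone["sid"] = ""
    gone["sid"]["path"] = "/"
    gone["sid"]["max-age"] = 0               # tells the browser to delete its copy
    gone["sid"]["secure"] = True
    return gone["sid"].OutputString()

def demo():
    set_cookie = login("alice")                   # constructed sample user
    cookie_header = set_cookie.split(";", 1)[0]   # what the browser sends back: "sid=..."
    before = whoami(cookie_header)
    cleared = logout(cookie_header)
    after = whoami(cookie_header)                 # stale copy replayed after logout
    return before, after, cleared

if __name__ == "__main__":
    print(demo())
```

A site that skips the `Max-Age=0` header leaves the cookie on disk, as observed in the first post; whether that matters depends on whether the server still honours the value it contains.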


All times are GMT -5.