Cookies and username ?

Discussion in 'privacy general' started by BartFan, Dec 25, 2005.

Thread Status:
Not open for further replies.
  1. BartFan

    BartFan Guest

    Hi..

    Just wondering... When someone connects to a site and accepts cookies to navigate or post, what's visible in the cookie/by the site?

    Is the username that's used on the originating computer visible in the cookie, or is it a site-generated username?

    For example, if simon and jack are two users on a xp machine, and jack connects to a website, accepts cookies, is the cookie something like number.jack@wilders.com ?
     
  2. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    It depends. Badly programmed sites sometimes have usernames in cookies (in some particularly bad instances, even more info, even passwords... :rolleyes:); it all depends on who programmed the sites and how he decided to implement that part. If the web site relies ONLY on something like the username to recognize a user (or if it uses only something like a sequential user "ID" number), then its mechanism is completely broken, as cookies can be changed (they are on the client) and all it would take to log as someone else is knowing his/her username or guessing his/her ID. Good programmed sites should identify the user with something not easy to guess and totally unrelated to any of the user information, for instance with a good and long random string (and it's not as easy as it sounds).
     
    Last edited: Dec 25, 2005
  3. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    yes, eg: Here is part from a cookie of mine from this site ~ Wilders:

    [deliberately changed numbers/letters just to indicate what it looks like]

    bbuserid
    000
    wilderssecurity.com/
    1111
    111111111111
    11111111
    11111111111
    1111111111
    *
    bbpassword
    111x11x111dd4xxx111xxx111xxx1ax1 [this being a l-o-n-g string of alpha/numeric characters ~ good ;) ]
    wilderssecurity.com/
    1111
    111111111111
    11111111
    11111111111
    1111111111

    TAS
     
  4. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    The username of a cookie is whomever is logged in. For instance if the XP account jack is logged in the cookie file name will be jack@whatever domain. The exception would be a non-logged on user of Win9X....in which case the cookie file name will be anyuser@whatever domain.
     
  5. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    Well, that's the file name of the cookie in Internet Explorer, other browsers behave utterly differently (usually not even creating a file for each server but putting them all in one text file). I'm not sure the question was related to the file name of the cookie instead of its contents.
     
Loading...
Thread Status:
Not open for further replies.