Hi.. Just wondering... When someone connects to a site and accepts cookies to navigate or post, what's visible in the cookie/by the site? Is the username that's used on the originating computer visible in the cookie, or is it a site-generated username? For example, if simon and jack are two users on a xp machine, and jack connects to a website, accepts cookies, is the cookie something like number.jack@wilders.com ?
It depends. Badly programmed sites sometimes have usernames in cookies (in some particularly bad instances, even more info, even passwords... ); it all depends on who programmed the sites and how he decided to implement that part. If the web site relies ONLY on something like the username to recognize a user (or if it uses only something like a sequential user "ID" number), then its mechanism is completely broken, as cookies can be changed (they are on the client) and all it would take to log as someone else is knowing his/her username or guessing his/her ID. Good programmed sites should identify the user with something not easy to guess and totally unrelated to any of the user information, for instance with a good and long random string (and it's not as easy as it sounds).
yes, eg: Here is part from a cookie of mine from this site ~ Wilders: [deliberately changed numbers/letters just to indicate what it looks like] bbuserid 000 wilderssecurity.com/ 1111 111111111111 11111111 11111111111 1111111111 * bbpassword 111x11x111dd4xxx111xxx111xxx1ax1 [this being a l-o-n-g string of alpha/numeric characters ~ good ] wilderssecurity.com/ 1111 111111111111 11111111 11111111111 1111111111 TAS
The username of a cookie is whomever is logged in. For instance if the XP account jack is logged in the cookie file name will be jack@whatever domain. The exception would be a non-logged on user of Win9X....in which case the cookie file name will be anyuser@whatever domain.
Well, that's the file name of the cookie in Internet Explorer, other browsers behave utterly differently (usually not even creating a file for each server but putting them all in one text file). I'm not sure the question was related to the file name of the cookie instead of its contents.