Re: interesting question re: cookies / SSL

JP May (jpm@rootworks.com)
Wed, 22 Apr 1998 11:45:03 -0600

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Henk P. Penning: "libwww-perl-5.32"
Previous message: Doug Monroe: "Re: interesting question re: cookies / SSL"

>JP May wrote:
>> 
>> Something the libwww list might know! ..
>> 
>> Does the Netscape browser 'keep' cookies it receiveds from *SSL* servers in a different location than the usual ordinary 'magic Cookie' text file?
>> 
>> Try it out - get a cookie from a https server and you won't find it in your 'magic Cookie' file.
>
>perhaps you're confusing the SSL issue with cookie expiration?
>That is...maybe the cookie issued by the SSL server simply expired?
>see:
>http://search.netscape.com/assist/security/faqs/cookies.html#how_long
>--
>Doug Monroe
>Lucent Technologies, Inc.

Good one Dough thanks.  The following two comments from the page you sent does suggest SSL cookies are stored unencrypted in the usual way, as cookies from regular sources. Please keep those inventions coming from Lucent BTW <:

Where are cookies stored? 
Cookie data is stored unencrypted on the user's hard drive (although during actual communication it is stored in memory). The filename is different for
each platform. For example, on Windows machines, cookie data is stored in a file called COOKIE.TXT. 

Can cookies be encrypted? 
While the cookie file itself is unencrypted on the user's computer, it can be encrypted between the user's computer and a Web site. [.. using SSL]

* * * * * * * * * * * * * * * * * * * * * * * * * * * *

Rootworks

Next message: Henk P. Penning: "libwww-perl-5.32"
Previous message: Doug Monroe: "Re: interesting question re: cookies / SSL"