Browser cookies which help web servers alert users of potential security violations

IP.com Disclosure Number: IPCOM000014428D
Original Publication Date: 2001-Aug-01
Included in the Prior Art Database: 2003-Jun-19

Publishing Venue

IBM

Abstract

This disclosure considers browser cookies and how they relate to the personal security of the web user. Browser cookies are a convenience provided to the user, but can lead to security loopholes in some cases. First, this disclosure gives a simple overview of how cookies work. Second, it points out possible security or privacy flaws revealed by cookies. Finally, it gives a proposal for letting a user close or reduce the security exposure of cookies.

When a browser user visits a web site, the web site typically inserts its own cookie into the user's web browser cookie cache. This cookie may be a simple marker so that the web site can greet the user by name, or it may hold additional information such as the user's login and password, if the user wishes. Typically, the user is given the opportunity to accept this type of cookie through a "remember this information" option. Essentially, the user has given the web site permission to plant a detailed, user-specific cookie on the user's hard drive.

The next time the user visits the web site, the web server engine searches the cookie cache on the user's disk and seeks a cookie associated with itself. The browser security should not allow the web site to open up and read the cookies that belong to other web sites. However, this level of security does not quite please some people. There are browser plugins that will automatically flush the browser's cookie cache so that no sites can "snoop" other cookies. But as a result of this sweep, every time the user visits a web site, they must re-inform the web site as to their identity.
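
The isolation described above (a site gets back only its own cookies) can be sketched as a small cookie jar. This is an added example, not part of the original disclosure; it assumes the domain-match rule of RFC 6265, and the `CookieJar` class, host names and cookie values are constructed for illustration.

```javascript
// Added illustration: a minimal cookie jar that scopes cookies by host,
// using the domain-match rule of RFC 6265 (section 5.1.3).
// Assumption: public-suffix checks, Path, Secure and expiry are omitted.

// True when `host` is `domain` itself or a subdomain of it.
function domainMatch(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase().replace(/^\./, "");
  if (host === domain) return true;
  const isIp = /^[0-9.]+$/.test(host) || host.includes(":");
  return !isIp && host.endsWith("." + domain);
}

class CookieJar {
  constructor() {
    this.cookies = []; // entries: { name, value, domain, hostOnly }
  }

  // Store a cookie set by `originHost`. A Domain attribute that does not
  // cover the setting host is rejected, so one site cannot plant or
  // overwrite a cookie in another site's scope. Returns true when stored.
  set(originHost, name, value, domainAttr) {
    const hostOnly = !domainAttr;
    const domain = (domainAttr || originHost).toLowerCase().replace(/^\./, "");
    if (!hostOnly && !domainMatch(originHost, domain)) return false;
    this.cookies = this.cookies.filter(
      (c) => !(c.name === name && c.domain === domain && c.hostOnly === hostOnly)
    );
    this.cookies.push({ name, value, domain, hostOnly });
    return true;
  }

  // Build the Cookie header sent to `requestHost`: only cookies whose
  // scope covers that host are included.
  headerFor(requestHost) {
    const host = requestHost.toLowerCase();
    return this.cookies
      .filter((c) => (c.hostOnly ? c.domain === host : domainMatch(host, c.domain)))
      .map((c) => `${c.name}=${c.value}`)
      .join("; ");
  }
}

// Constructed sample: two unrelated sites each set a cookie.
const jar = new CookieJar();
jar.set("shop.example", "user", "alice");
jar.set("news.example", "greeting", "bob");
console.log(jar.headerFor("shop.example"));
console.log(jar.headerFor("news.example"));
```

Flushing the whole jar, as the plugins mentioned above do, empties `cookies` for every site at once, which is why the user must identify themselves again on each visit.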