Garo Garabedyan's Divergent Thinking Blog

View page redirection history and cookie setting times


I want to express two ideas for web browser tools that are useful to professional web developers, and even to any web surfer.

For the user’s eye:

  1. Viewing all page redirections (the history of the page) and manipulating them as strings: when a string is changed and Enter is pressed, the changed address is loaded in the current tab/window.
  2. A cookie session viewer that shows which web site sets which cookie(s) and how long they have known what you are doing. When a web page embeds an image from another domain (different from the page's), let the user choose whether or not to send the cookies set by the domain hosting the image. This prevents the two domains from working out whether a user visiting both at the same time is one person or not.

Why browsers (by default) send and receive cookies to and from third-party web resources: Same-Origin Policy and Third-party cookies.

1)

Web pages often redirect visitors. Mostly this is not bad, but when sites sell web traffic it compromises the web surfing experience. I haven’t seen any web browser presenting all the page redirections yet.

When the page is reached through a link on another page, capture the link's href value as the first redirection element, so that changes made to the address by JavaScript code in the page hosting the link are also captured.

When a form is submitted from a page (loaded in the same browser), set the action attribute of the form DOM element as the first redirection element.

2)

It is important to have this tool because cookies generally remain stored after the page that set them is unloaded. I find it good to inform the user about the information that web sites can collect about him over the lifetime of any particular cookie and of the whole group of cookies set by a particular domain. Every time the user visits a web page, the server receives all of its cookies through HTTP and is free to set new ones. The site can change the names and values of its cookies on every connection, but this does not reduce its ability to collect as much information as when the cookie names and values stay unchanged.
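A sketch of the report such a cookie viewer could produce, as an added example that is not part of the original post. The observation records, the `parseSetCookie` and `summarize` names and the `.example` hosts are assumptions made for illustration; a real tool would fill the records from the browser's network events.

```javascript
// Constructed sample observations (not real traffic): page open, answering host, time, header.
const observations = [
  { page: "news.example", host: "news.example", at: "2008-01-20T12:00:00Z",
    setCookie: "sid=a1; Path=/" },
  { page: "news.example", host: "ads.example", at: "2008-01-20T12:00:01Z",
    setCookie: "uid=x9; Expires=Wed, 20 Jan 2010 12:00:01 GMT; Path=/" },
  { page: "shop.example", host: "ads.example", at: "2008-01-25T09:00:00Z",
    setCookie: "seg=77; Max-Age=86400" },
];

// Parse one Set-Cookie header into its name and absolute expiry time.
function parseSetCookie(header, receivedAt) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const cookie = { name: pair.split("=")[0], expires: null }; // null: session cookie
  let maxAge = null;
  for (const attr of attrs) {
    const i = attr.indexOf("=");
    const key = (i < 0 ? attr : attr.slice(0, i)).toLowerCase();
    const val = i < 0 ? "" : attr.slice(i + 1);
    if (key === "max-age" && /^-?\d+$/.test(val)) maxAge = Number(val);
    if (key === "expires" && !Number.isNaN(Date.parse(val))) cookie.expires = new Date(val);
  }
  // Max-Age takes precedence over Expires (RFC 6265).
  if (maxAge !== null) cookie.expires = new Date(receivedAt.getTime() + maxAge * 1000);
  return cookie;
}

// Per setting host: cookie names, pages it was embedded in, first-set-to-last-expiry window.
function summarize(obs) {
  const byHost = new Map();
  for (const o of obs) {
    const at = new Date(o.at);
    const c = parseSetCookie(o.setCookie, at);
    const s = byHost.get(o.host) || { host: o.host, cookies: new Set(),
      pages: new Set(), firstSet: at, lastExpiry: null, thirdParty: false };
    s.cookies.add(c.name);
    s.pages.add(o.page);
    if (at < s.firstSet) s.firstSet = at;
    if (c.expires && (!s.lastExpiry || c.expires > s.lastExpiry)) s.lastExpiry = c.expires;
    // Simplification: exact host comparison, not registrable-domain matching.
    if (o.host !== o.page) s.thirdParty = true;
    byHost.set(o.host, s);
  }
  return [...byHost.values()].map((s) => ({
    host: s.host, cookies: [...s.cookies], seenOnPages: [...s.pages],
    thirdParty: s.thirdParty, // windowDays null: cookies end with the browser session
    windowDays: s.lastExpiry ? Math.round((s.lastExpiry - s.firstSet) / 86400000) : null,
  }));
}
console.table(summarize(observations));
```

In the constructed data the embedded host changes its cookie name between visits, yet the report still ties both pages to it, which is the point made above about renamed cookies.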

Web cookies, in my opinion, do not have to store information about you, but only about your habits. By this way of thinking, a cookie must not contain any long string of code that is unique to every visitor. The need to authorize the visitor is fulfilled by hidden fields in forms and hrefs (links), a technique which is multi-platform, and the unique codes are lost when you close the pages containing them, when you lose the ability to access a page through a link or submit a cookie that contains a hidden field with session information.

Nevertheless, from a web development point of view it is not good practice to store session information only in a cookie name/value pair. After the boom in Ajax techniques, web developers face a new problem called Cross-site Request Forgery, based on using the Same-Origin Policy and executing forms/links with the cookies of a user who knows nothing about it (who may be logged in at the same time, which allows many things to be done with their account by knowing the forms and links, the interface of the web application).


Written by garabedyan

January 20, 2008 at 12:19
