什么是Cookie（网页）？

A cookie is a file which is created by the web sites we have visited with our browser. This file or cookie contains some information about us and our visit for the specific web site. Cookies are very popular mechanisms used by web sites or web applications to store information and nearly every site creates some cookie web browser.

Cookie是由我们使用浏览器访问的网站创建的文件。 该文件或cookie包含有关我们以及我们对特定网站的访问的一些信息。 Cookies是网站或Web应用程序用于存储信息的非常流行的机制，几乎每个站点都会创建一些Cookie Web浏览器。

HTTP Cookie还是Web Cookie或浏览器Cookie？ (HTTP cookie or Web Cookie or Browser Cookie?)

Cookies do not have a specific naming where they can be named as HTTP Cookie,Web Cookie or Browser Cookie. Actually, all of these three names suits well for the cookie because it is related to all of them. So we can use HTTP Cookie,Web Cookie or Browser Cookie without problem all them names the same cookie.

Cookies没有特定的命名，可以将它们命名为HTTP Cookie ， Web Cookie或Browser Cookie 。 实际上，这三个名称都非常适合Cookie，因为它与它们都相关。 因此我们可以毫无问题地使用HTTP Cookie ， Web Cookie或Browser Cookie ，它们都使用相同的Cookie。

哪种类型的数据包含Cookie？ (What Type Of Data Contains A Cookie?)

We have defined a cookie as a file which contains some data about the user and web site. The stored cookie file is private for the given site or domain. So only the given web site or applications can read and change given cookie and related data. Below we can see cookies created by the microsoft.com web site.

我们已经将cookie定义为一个文件，其中包含有关用户和网站的一些数据。 对于指定的站点或域，存储的cookie文件是私有的。 因此，只有给定的网站或应用程序才能读取和更改给定的Cookie和相关数据。 在下面，我们可以看到microsoft.com网站创建的cookie。

What Type Of Data Contains A Cookie?

哪种类型的数据包含Cookie？

We can see from the screenshot that different variables like MSFPC, ONERFSSO, etc. are stored under www.mirosoft.com domain. The cookie variables can change for different web sites or domains. Here are the details for the MSFPC cookie variable.

从屏幕截图中我们可以看到，不同的变量(如MSFPC，ONERFSSO等)存储在www.mirosoft.com域下。 Cookie变量可以针对不同的网站或域进行更改。 以下是MSFPC cookie变量的详细信息。

Example Cookie Content

Cookie内容示例

We see that the following information is stored with the cookie variable.

我们看到以下信息与cookie变量一起存储。

• `Name` is the name of the cookie variable which is `MSFPC` in this example
  “名称”是Cookie变量的名称，在此示例中为“ MSFPC”
• `Content` is the real data the cookie variable stores and used by the web site or domain. In this example, data which starts with `GUID …` is used which is likely a unique identifier and other data
  “内容”是cookie变量存储并由网站或域使用的真实数据。 在此示例中，使用以“ GUID…”开头的数据，该数据可能是唯一标识符和其他数据
• `Path` is the hierarchical position of the cookie variable which is `/` or root in this case
  “路径”是Cookie变量的分层位置，在这种情况下为//或根
• `Domain` is the domain where the cookie variable belongs. In this example, the web site or domain is `www.microsoft.com`
  “域”是cookie变量所属的域。 在此示例中，网站或域为www.microsoft.com。
• `Send for` is used to specify the connection type like HTTP or HTTPS which is any kind which accepts both HTTP, HTTPS in this example
  “发送为”用于指定连接类型，例如HTTP或HTTPS，在本示例中，该连接类型是可以接受HTTP和HTTPS的任何类型
• `Accessible to script` is used set if it can be accessed by the JavaScript which runs on the given domain or web site.
  如果可在给定域或网站上运行JavaScript可以访问脚本，则使用“可访问脚本”设置。
• `Created` provides the date the cookie variable is created
  `Created'提供cookie变量的创建日期
• `Expires` provides the date the cookie variable expires which is generally 1 year in general cookies.
  Expires提供cookie变量的过期日期，一般cookie的日期通常为1年。

LEARN MORE  How To Scan Wordpress Sites With Wpscan (Tutorial) For Security Vulnerabilities?

了解更多信息如何使用Wpscan(教程)扫描Wordpress网站的安全漏洞？

在哪里使用Cookies？ (Where Cookies Used?)

Cookies can be used for different things according to a web site or web application. But cookie use cases can be listed as 3 main categories.

Cookies可以根据网站或Web应用程序用于不同的事物。 但是cookie用例可以列为3个主要类别。

• `Session Management` is the most popular way for cookies. Logins, Shopping Charts, Game Scores are some user sessions management data where cookies are used.
  会话管理是cookie的最流行方法。 登录名，购物图，游戏分数是一些使用cookie的用户会话管理数据。
• `Personalization` is another popular category for cookies. User preferences, themes and other settings related to the domain, web site or web application can be stored.
  “个性化”是Cookie的另一个热门类别。 可以存储与域，网站或Web应用程序相关的用户首选项，主题和其他设置。
• `Tracking` is a recent popular usage for cookies. Especially recording and analyzing user behavior is related to the tracking user.
  跟踪是cookie的最新流行用法。 特别是记录和分析用户行为与跟踪用户有关。

Cookie类型 (Cookie Types)

There is a different type of cookies for different use cases.

对于不同的用例，存在不同类型的cookie。

会话Cookie (Session Cookie)

A session cookie is a special cookie which does not contain Expires or Max-Age directive in HTTP request and response. Generally, a Session ID is provided with the Cookie directive.

会话cookie是一种特殊的cookie，在HTTP请求和响应中不包含Expires或Max-Age指令。 通常， Cookie指令提供会话ID。

永久性Cookie (Permanent Cookie)

By default, cookies are expired the browser is closed. If the Expires or Max-Age are used for a specified period of time the cookie will be permanent and do not delete after the current browser closed.

默认情况下，cookies会在浏览器关闭时过期。 如果在指定的时间段内使用Expires或Max-Age ，则cookie将是永久性的，并且在当前浏览器关闭后不会删除。

安全Cookie (Secure Cookie)

HTTPS is a secure protocol alternative and improvement to the HTTP protocol. Some cookies required to protected even in transmission by encrypting them with HTTPS. We can explicitly require a cookie to transmitted over HTTPS with secure cookies with the Secure option like below

HTTPS是安全的协议替代方案，是对HTTP协议的改进。 通过使用HTTPS对其进行加密，即使在传输过程中也需要保护某些cookie。 我们可以明确要求一个cookie，并使用如下所示的Secure选项通过安全cookie通过HTTPS进行传输

HTTPOnly Cookie(HTTPOnly Cookie)

Cookies can be manipulated with the JavaScript. This can create some attack surface like XSS attacks. We can prevent JavaScript to manipulate a cookie with the HTTPOnly directive.

Cookie可以使用JavaScript进行操作。 这会创建一些攻击面，例如XSS攻击。 我们可以防止JavaScript使用HTTPOnly指令来操作cookie。

在Google Chrome浏览器中列出Cookie (List Cookies In Google Chrome Browser)

Cookies can be listed in Google Chrome Browser in different ways but the easiest way is using address bar. We will type following address which will list all sites cookies in alphabetical order.

Cookie可以通过多种方式在Google Chrome浏览器中列出，但最简单的方法是使用地址栏。 我们将输入以下地址，该地址将按字母顺序列出所有网站的cookie。

chrome://settings/siteData

List Cookies In Google Chrome Browser

在Google Chrome浏览器中列出Cookie

在Mozilla Firefox浏览器中列出Cookie (List Cookies In Mozilla Firefox Browser)

We can list cookies in Mozilla Firefox Browser from the following URL which will navigate to the Privacy settings. Then we will click to the Manage Databutton like below.

我们可以从以下URL列出Mozilla Firefox浏览器中的cookie，这些URL将导航至“隐私”设置。 然后，我们将单击下面的“ Manage Data按钮。

about:preferences#privacy

Open Cookie List In Firefox

在Firefox中打开Cookie列表

LEARN MORE  How To Generate Random Numbers In Linux?

了解更多如何在Linux中生成随机数？

We will see the following screen which will list existing cookies, last used time and domain or web site.

我们将看到以下屏幕，其中列出了现有的Cookie，上次使用的时间以及域或网站。

Cookie List In Mozilla Firefox

Mozilla Firefox中的Cookie列表

翻译自: https://www.poftut.com/what-is-cookie-web-page/