May 03, 2018

Session, persistent, secure, first-party, third-party, zombie and super cookie

❑ Session cookie : A cookie whose sensitive data is stored on the server.
* Alias : Session.
* Session : The connection state maintained between the server and the client.
❍ Main purpose : Maintaining client information while connecting to the server.
❍ How to delete : Exit the browser, log out, or wait for the expiration date to arrive.
❍ How it works : The server generates a token, stores it, and sends it to the client, and the client stores the token in memory or on disk. Each client can be distinguished by whether the server token and the client token are the same.
* This allows the server to distinguish each client even without a persistent connection such as TCP (a disconnected environment).

❑ Persistent cookie : A cookie whose sensitive data is stored on the client's disk.
* Alias : Cookie, Web cookie, Browser cookie.
❍ Main purpose : Functions for user convenience, such as a shopping cart and removing pop-ups.
❍ How to delete : Wait for the expiration date to arrive, or delete the persistent cookie files directly.
❍ How it works : The server creates a cookie and sends it to the client, and the client stores the cookie. When the client sends an HTTP request to the server, the stored cookie is sent along with it.



Generally, the two terms above are the ones mainly used, but depending on the characteristics of the cookie, the following names are also used.

❑ Secure cookie : A cookie with the Secure property. It is sent only in an HTTPS environment.

❑ First-party cookie : A cookie whose domain name matches the domain name in the address bar of the web browser.

❑ Third-party cookie : A cookie whose domain name is different from the domain name in the address bar of the web browser. Typically, this kind of cookie appears when a web page contains content from an external website, such as an advertisement.

❑ Zombie cookie : A cookie that is automatically regenerated when deleted.

❑ Super cookie : A cookie that uses a top-level domain (public suffix) such as .com for its domain name. It can collect data from web pages that do not generate the cookie.
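
The definitions above can be applied mechanically to a Set-Cookie header. The following is an added example, not code from the original post: it labels a cookie as session or persistent, secure, first-party or third-party, and super. It assumes that a cookie without Expires or Max-Age is the one removed when the browser exits; the function names, host names and the short public-suffix set are constructed for illustration. A zombie cookie cannot be recognized from a single header, so it is not covered.

```javascript
// Constructed, tiny stand-in for the real Public Suffix List (assumption).
const PUBLIC_SUFFIXES = new Set(["com", "org", "net", "co.uk"]);

// Parse one Set-Cookie header value into name, value and lower-cased attributes.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: eq === -1 ? "" : pair.slice(0, eq), value: pair.slice(eq + 1), attrs: {} };
  for (const a of attrs) {
    if (!a) continue;
    const i = a.indexOf("=");
    const key = (i === -1 ? a : a.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : a.slice(i + 1); // flag attributes become true
  }
  return cookie;
}

// True when host equals domain or is a subdomain of it.
function domainMatches(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

// Label a cookie using the terms defined on this page.
// responseHost: host that sent the header; pageHost: host shown in the address bar.
function classifyCookie(header, responseHost, pageHost) {
  const c = parseSetCookie(header);
  const raw = typeof c.attrs.domain === "string" && c.attrs.domain ? c.attrs.domain : responseHost;
  const domain = raw.replace(/^\./, "").toLowerCase();
  const labels = [];
  // No Expires/Max-Age: gone when the browser exits. Otherwise kept until expiry.
  labels.push("expires" in c.attrs || "max-age" in c.attrs ? "persistent" : "session");
  if (c.attrs.secure === true) labels.push("secure");
  labels.push(domainMatches(pageHost.toLowerCase(), domain) ? "first-party" : "third-party");
  // A public-suffix Domain matches every site under it, which is what makes a
  // super cookie able to follow the user across unrelated pages.
  if (PUBLIC_SUFFIXES.has(domain)) labels.push("super");
  return labels;
}

// Constructed sample headers.
console.log(classifyCookie("SID=abc123; Path=/; Secure; HttpOnly", "www.example.com", "www.example.com"));
console.log(classifyCookie("ad=xyz; Expires=Wed, 01 Jan 2025 00:00:00 GMT", "ads.tracker.example", "www.example.com"));
console.log(classifyCookie("t=1; Domain=.com", "shop.example.com", "shop.example.com"));
```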