Commit | Line | Data |
---|---|---|
a2916c06 MW |
1 | ~1[<!-- -*-html-*- |
2 | -- | |
3 | -- Information about cookies | |
4 | -- | |
5 | -- (c) 2013 Mark Wooding | |
6 | --> | |
7 | ||
8 | <!------- Licensing notice -------------------------------------------------- | |
9 | -- | |
10 | -- This file is part of Chopwood: a password-changing service. | |
11 | -- | |
12 | -- Chopwood is free software; you can redistribute it and/or modify | |
13 | -- it under the terms of the GNU Affero General Public License as | |
14 | -- published by the Free Software Foundation; either version 3 of the | |
15 | -- License, or (at your option) any later version. | |
16 | -- | |
17 | -- Chopwood is distributed in the hope that it will be useful, | |
18 | -- but WITHOUT ANY WARRANTY; without even the implied warranty of | |
19 | -- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
20 | -- GNU Affero General Public License for more details. | |
21 | -- | |
22 | -- You should have received a copy of the GNU Affero General Public | |
23 | -- License along with Chopwood; if not, see | |
24 | -- <http://www.gnu.org/licenses/>. | |
25 | -->~]~ | |
26 | ||
27 | <h1>Why and how Chopwood uses cookies</h1> | |
28 | ||
29 | <h2>Which cookies does Chopwood actually store?</h2> | |
30 | ||
31 | <p>Chopwood uses only one cookie, named <b>chpwd-token</b>. The cookie is | |
32 | stored with a maximum lifetime of 25 minutes: after this time, your browser | |
33 | should forget all about it (and the server will stop caring about what it | |
34 | means). | |
35 | ||
36 | <h2>What do you need this cookie for?</h2> | |
37 | ||
e8410ae0 MW |
38 | <p>The cookie contains a token which tells the server that you’ve |
39 | logged in properly. We could have chosen to use a hidden form field to | |
40 | carry this token about, but that causes other trouble. | |
a2916c06 MW |
41 | |
42 | <p>For example, if we used <b>GET</b> requests then the token would appear as | |
43 | part of a URL, where it would end up being written in the location bar of | |
44 | many browsers, stored in history databases, many even sent to random cloud | |
45 | services; this obviously has an adverse effect on security. Also, the token | |
46 | is kind of long and ugly. | |
47 | ||
48 | <p>We could avoid this problem by using <b>POST</b> requests everywhere, but | |
e8410ae0 | 49 | that causes other trouble. In particular, you’d get that annoying |
a2916c06 MW |
50 | <blockquote> |
51 | The page that you’re looking for used information that you | |
ea0eda5a MW |
52 | entered. Returning to that page might cause any action that you took |
53 | to be repeated. | |
a2916c06 MW |
54 | </blockquote> |
55 | message whenever you hit the reload button. | |
56 | ||
e8410ae0 | 57 | <h2>What’s in this cookie?</h2> |
a2916c06 MW |
58 | |
59 | <p>If you actually look at the cookie, you find that it looks something like | |
60 | this: | |
61 | <blockquote> | |
3cf8e1b7 | 62 | <tt>1357322139.eBcBNYFhi6sKpGuahfr7yQDzqOJuYZZexJbVug9ultU.mdw</tt> |
a2916c06 | 63 | </blockquote> |
3cf8e1b7 | 64 | (Did I say something about long and ugly?) It consists of three pieces |
a2916c06 MW |
65 | separated by dots ‘<tt>.</tt>’. |
66 | ||
67 | <dl> | |
68 | <dt>Datestamp | |
69 | <dd>The time at which the cookie was issued, as a simple count of (non-leap) | |
4c551c58 | 70 | seconds since 1970–01–01 00:00:00 UTC (or what would have been |
a2916c06 MW |
71 | that if UTC had existed back then in its current form). |
72 | ||
a2916c06 | 73 | <dt>Tag |
e8410ae0 MW |
74 | <dd>This is a cryptographic check that the other parts of the token |
75 | haven’t been modfied by an attacker. | |
a2916c06 MW |
76 | |
77 | <dt>User name | |
78 | <dd>Your user name, in plain text. | |
79 | </dl> | |
80 | ||
e8410ae0 MW |
81 | <h2>How do I know you’re not using this as part of some hideous |
82 | behavioural advertising scheme?</h2> | |
a2916c06 | 83 | |
e8410ae0 | 84 | <p>That’s tricky. I could tell you that this program is |
138df99f | 85 | <a href="http://www.gnu.org/philosophy/free-sw.html">free software</a>, and |
8c4d90a3 | 86 | that you can |
b035635b | 87 | <a href="~={script}H/~={package}H-~={version}H.tar.gz">download its |
8c4d90a3 | 88 | source code</a> and check for yourself. |
a2916c06 | 89 | |
e8410ae0 MW |
90 | <p>That’s true, except that it shouldn’t do much to convince |
91 | you that this server is actually running the code it claims to be. And | |
92 | anyway, Chopwood itself represents only one of many bits of software | |
93 | which could be keeping track of you somehow through this cookie. | |
a2916c06 MW |
94 | |
95 | <p>So, really, it comes down to trust. Sorry. | |
96 | ||
97 | ~1[<!------- That's all, folks ------------------------------------------>~]~ |