~1[<!-- -*-html-*-
  --
  -- Information about cookies
  --
  -- (c) 2013 Mark Wooding
  -->

<!------- Licensing notice --------------------------------------------------
  --
  -- This file is part of Chopwood: a password-changing service.
  --
  -- Chopwood is free software; you can redistribute it and/or modify
  -- it under the terms of the GNU Affero General Public License as
  -- published by the Free Software Foundation; either version 3 of the
  -- License, or (at your option) any later version.
  --
  -- Chopwood is distributed in the hope that it will be useful,
  -- but WITHOUT ANY WARRANTY; without even the implied warranty of
  -- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  -- GNU Affero General Public License for more details.
  --
  -- You should have received a copy of the GNU Affero General Public
  -- License along with Chopwood; if not, see
  -- <http://www.gnu.org/licenses/>.
  -->~]~

<h1>Why and how Chopwood uses cookies</h1>

<h2>Which cookies does Chopwood actually store?</h2>

<p>Chopwood uses only one cookie, named <b>chpwd-token</b>.  The cookie is
stored with a maximum lifetime of 25 minutes: after this time, your browser
should forget all about it (and the server will stop caring about what it
means).

<h2>What do you need this cookie for?</h2>

<p>The cookie contains a token which tells the server that you&rsquo;ve
logged in properly.  We could have chosen to use a hidden form field to
carry this token about, but that causes other trouble.

<p>For example, if we used <b>GET</b> requests then the token would appear as
part of a URL, where it would end up being written in the location bar of
many browsers, stored in history databases, many even sent to random cloud
services; this obviously has an adverse effect on security.  Also, the token
is kind of long and ugly.

<p>We could avoid this problem by using <b>POST</b> requests everywhere, but
that causes other trouble.  In particular, you&rsquo;d get that annoying
<blockquote>
  The page that you&rsquo;re looking for used information that you
  entered.  Returning to that page might cause any action that you took
  to be repeated.
</blockquote>
message whenever you hit the reload button.

<h2>What&rsquo;s in this cookie?</h2>

<p>If you actually look at the cookie, you find that it looks something like
this:
<blockquote>
  <tt>1357322139.eBcBNYFhi6sKpGuahfr7yQDzqOJuYZZexJbVug9ultU.mdw</tt>
</blockquote>
(Did I say something about long and ugly?)  It consists of three pieces
separated by dots &lsquo;<tt>.</tt>&rsquo;.

<dl>
<dt>Datestamp
<dd>The time at which the cookie was issued, as a simple count of (non-leap)
seconds since 1970&ndash;01&ndash;01 00:00:00 UTC (or what would have been
that if UTC had existed back then in its current form).

<dt>Tag
<dd>This is a cryptographic check that the other parts of the token
haven&rsquo;t been modfied by an attacker.

<dt>User name
<dd>Your user name, in plain text.
</dl>

<h2>How do I know you&rsquo;re not using this as part of some hideous
behavioural advertising scheme?</h2>

<p>That&rsquo;s tricky.  I could tell you that this program is
<a href="http://www.gnu.org/philosophy/free-sw.html">free software</a>, and
that you can
<a href="~={script}H/~={package}H-~={version}H.tar.gz">download its
source code</a> and check for yourself.

<p>That&rsquo;s true, except that it shouldn&rsquo;t do much to convince
you that this server is actually running the code it claims to be.  And
anyway, Chopwood itself represents only one of many bits of software
which could be keeping track of you somehow through this cookie.

<p>So, really, it comes down to trust.  Sorry.

~1[<!------- That's all, folks ------------------------------------------>~]~