Okay, let's do a quick demo. Remember when we played around on telnet in unit one to manipulate web servers directly? I'm going to go ahead and do that here, and we can look at some more HTTP headers. So, if I were to telnet to google.com, you know, port 80, as we've been doing. So, we do our HTTP request to get the front page, remember our Host header. We see our results, we scroll up to the top of this, we can see our header. So here's the request I made, and here are the headers, and here are a couple Set-Cookie headers.

So in this one, this sets a cookie named pref to this value, and it's actually Google's doing a very typical Google thing, and storing multiple pieces of data in one cookie. So this is the equal sign that's part of the cookie header, and this equal sign is actually part of the cookie value. This is the end of the cookie value here, we've got a semicolon, and then we have some extra parameters that we haven't talked about yet. We have an expires time, and this is when the cookie expires. So after this date, April 19th, 2014, this cookie will no longer be sent. And this cookie is relative, or relevant, to the path slash, so you can restrict cookies to specific paths, and this cookie is specific to google.com. So this basically means that anybody at google.com will receive this cookie.

Here is another cookie, this one's called nid. And you know, you can see the value comes all the way down here, to the first semicolon. Expires time of its own, a path, a domain, some extra constraints. This cookie's only relevant to HTTP, which is just another cookie option you have at your disposal.

I want to show you one quick thing while we're in the terminal here. If you're on a Mac or Linux, you can use the curl command, which is pretty cool. Say, curl -i, which basically says, get me the headers. curl -i google.com, and that'll just run the headers. I'm not going to quiz you on that, but if you're on a Unix machine, you can use curl instead of telnet, and you don't have to type so fast and type so much stuff. So anyway, curl -i, handy little tool for viewing HTTP headers.

I'll show you one last way to inspect cookies. This may not work for everybody, but it's another neat experiment. In Chrome, I'm in, you know, special private browsing mode, which is what all this is talking about. Basically I'm in the private browsing mode because I don't want to have any cookies, and that's generally what these private browsing modes do, is they throw away all your cookies. So I'm going to do something here, I've opened up the debug tools in Chrome, these are developer tools that are built into Chrome. You can google around for how to show this in Chrome, or, you know, Safari and Internet Explorer also have a similar feature, so you can kind of watch requests.

And I'm going to go to google.com, and on here I can see all of the requests we made at google.com, and one thing I can do is I can actually view the headers. We can actually view the request header I made for google.com, and you can see we sent some various headers. We didn't send any cookies, because we don't have any. And if we scroll down a little bit, we can see, you know, one of the cookies that got set, right here. This is one of the cookie headers, so that cookie. If we were to reload this page now, our browser, Chrome here, has stored this cookie. If we were to load this page, we should see a new request header. I will do that now. I have reloaded the page, and now we see the request we made for google.com. The request has a Cookie header, and this has the exact same contents as the Set-Cookie. Well, at least the name here, and the value is the same. You don't have to resend path and domain and all those other options, those are just for the browser to know when to send the cookie. If you're feeling adventurous, you can find a debug mode in your browser and experiment with this sort of stuff. It's kind of neat to see what's there.
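The header anatomy walked through in the demo above, as an added Python example that is not part of the original lecture: it splits a Set-Cookie header on the first equal sign and the semicolons, then builds the Cookie header a browser would send back. The header values, the function names and the simplified domain and path matching are assumptions made for illustration.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Constructed response headers shaped like the ones in the demo (values are made up).
SAMPLE_HEADERS = [
    "Set-Cookie: pref=ID=abc123:TM=1335000000:S=xyz; "
    "expires=Sat, 19 Apr 2014 17:00:00 GMT; path=/; domain=.google.com",
    "Set-Cookie: nid=59=constructedvalue; "
    "expires=Sun, 21 Oct 2012 17:00:00 GMT; path=/; domain=.google.com; HttpOnly",
]

def parse_set_cookie(header_line):
    """Split one Set-Cookie header into (name, value, attributes)."""
    _, _, body = header_line.partition(":")
    pair, *params = [p.strip() for p in body.split(";")]
    # Only the FIRST '=' separates name from value; later ones belong to the value.
    name, _, value = pair.partition("=")
    attrs = {}
    for p in filter(None, params):
        key, _, val = p.partition("=")
        attrs[key.strip().lower()] = val.strip()  # flag attributes map to ""
    return name, value, attrs

def should_send(attrs, host, path, now):
    """Browser-side check (simplified): is the cookie relevant to this request?"""
    if "expires" in attrs and parsedate_to_datetime(attrs["expires"]) <= now:
        return False
    domain = attrs.get("domain", host).lstrip(".")
    if host != domain and not host.endswith("." + domain):
        return False
    return path.startswith(attrs.get("path", "/"))

def cookie_request_header(set_cookie_lines, host, path, now):
    """Build the Cookie request header: names and values only, no attributes."""
    pairs = []
    for line in set_cookie_lines:
        name, value, attrs = parse_set_cookie(line)
        if should_send(attrs, host, path, now):
            pairs.append(f"{name}={value}")
    return "Cookie: " + "; ".join(pairs) if pairs else None

if __name__ == "__main__":
    now = datetime(2012, 6, 1, tzinfo=timezone.utc)  # constructed "current" time
    print(cookie_request_header(SAMPLE_HEADERS, "www.google.com", "/", now))
```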