Cookie stuffing

Abstract: The present invention comprises a system and method for secure session management and authentication between web sites and web clients. The method includes both secure and non-secure communication protocols, means for switching between secure and non-secure communication protocols, a session cookie and an authcode cookie. The session cookie is used for session management and the authcode cookie is used for authentication. The session cookie is transmitted using a non-secure communication protocol when the web client accesses a non-secure web page, whereas, the authcode cookie is transmitted using a secure communication protocol when the web client accesses a secure web page. Session management architecture and usage of two distinct cookies along with both secure and non-secure communication protocols prevents unauthorized users from accessing sensitive web client or web site information.

Abstract: Methods and apparatus for sharing user information across the Internet, trackers and servers, in multiple domains. User-tracking mechanism deploy cookies placed in web-browser to track an user preference, or use URL rewriting techniques. In an embodiment, a first web site desiring to coordinate cookie information with a second web site creates a cookie in the browser, and stores information related to the information in the cookie in a cookie coordinator database. It directs the client to access a resource at the second web site. The URL of the resource on the second web site encapsulates the information about the location of the client record in a cookie coordinator database. The second web site places its own cookie on the client browser, and coordinates its information with the information in the cookie of the first web-browser by accessing the client record in the cookie coordinator database.

Abstract: A method of enabling a Web browser user to interact with a given application running on a Web server begins by constructing and returning a cookie to the Web browser upon a given occurrence, e.g., user login to the application. Without additional user input, the routine then forces the Web browser to check with the Web server that the cookie was set on the Web browser. Preferably, this is accomplished by sending the cookie from the Web server in a refresh page that redirects the HTTP flow back to itself with a parameter to check if the cookie was set. At the Web server, a test is then done to determine whether the cookie is valid. If so, the user is allowed to interact with the given server application (e.g., to take a given action or to log off from the application without closing the Web browser). A novel cookie construction and validation mechanism is also described.

Abstract: A system and method for controlling the transmission of information known as “cookies” stored on electronic media to Internet websites accessed by PC users utilizes a “cookie jar” in a server-based virtual wallet for the user. When a website server sends a “cookie” to the user's PC, the virtual wallet stores the cookie only after requesting and receiving the user's permission. When the user accesses the website server again, and the server requests return of the cookie, the virtual wallet sends the cookie only after requesting and receiving the user's permission. Alternatively, the user can preconfigure the virtual wallet with predefined parameters for withholding or sending the cookie when requested by the website server.