The Risks of Client-Side Data Storage

by Edwin Tump
Sept. 1, 2017 SANS Institute data loss prevention

Ever since the introduction of cookies as the HTTP state management mechanism, websites have stored data on the systems of their end users. The original idea behind cookies was that web applications would be able to relate HTTP requests to previous requests. By storing a unique session identifier on both the client (in the form of a small text file, the “cookie”) and the server, the stateless HTTP protocol suddenly became stateful. Cookie usage has changed over time, and web applications now use this mechanism not only for session management but also, for example, to track users, to create web applications with offline capabilities, and to improve performance by reducing server load and limiting the data that must be exchanged between client and server.