The Web never forgets: Persistent tracking mechanisms in the wild

https://securehomes.esat.kuleuven.be/~gacar/persistent/index.html

respawn_redux [persistent cookies based on If-Modified-Since or ETag headers]

http://ashkansoltani.org/docs/respawn_redux.html An article that describes a method to create a permanent cookie based on the If-Modified-Since and ETag HTTP headers. Currently this is used in “the wild” by several banner and ad networks. The method is possible because of the simplified implementation of If-Modified-Since in all modern browsers (browsers do not validate the If-Modified-Since value as a date).

Automated HTTPS Cookie Hijacking | fscked.org

http://fscked.org/blog/fully-automated-active-https-cookie-hijacking A note from security people that session/login cookies normally delivered via HTTPS have to be explicitly marked as “Secure” so that they are only delivered via HTTPS. Otherwise bad people can hijack them.

protocols08cookies.pdf

http://www.cl.cam.ac.uk/~sjm217/papers/protocols08cookies.pdf [yet another one] proposal for secure session cookies