Training
Featured CourseView All Courses
Get a free hour of SANS training

Experience SANS training through course previews.

Learn More
Learning Paths
FeaturedView all Focus Areas
Cloud Security Training, Courses, and Resources
Can't find what you are looking for?

Let us help.

Contact us
Community Resources

SANS Community Benefits

Connect, learn, and share with other cybersecurity professionals

AI Risk & Readiness

Explore expert-driven guidance, training, and tools to help defend against AI-powered threats and adopt AI securely.

Join the SANS Community

Become a member for instant access to our free resources.

Sign Up
For Organizations

Public Sector

Mission-focused cybersecurity training for government, defense, and education

Partnerships

Explore industry-specific programming and customized training solutions

Sponsorship Opportunities

Sponsor a SANS event or research paper

Interested in developing a training plan to fit your organization’s needs?

We're here to help.

Contact Us
Talk With an Expert
Talk With an Expert

The Risks of Client-Side Data Storage

Download File
The Risks of Client-Side Data Storage (PDF, 2.23MB)Published: 16 May, 2011
Created by:
Edwin Tump

Ever since the introduction of cookies as the HTTP state management mechanism, websites store data on the systems of their end users. The original idea behind cookies was that web applications would now be able to relate HTTP requests to previous requests. By storing a unique session identifier on both the client (in the form of a small text file, the cookie) and the server, the stateless HTTP protocol suddenly became stateful. Cookie usage has changed over time and now web applications not only use this mechanism for session fixation but also to e.g. track users, create web applications with offline capabilities and speed up the performance of web applications by reducing server load and limiting the data that must be exchanged between client and server.