[sf-lug] cookies in Ubuntu

Rick Moen rick at linuxmafia.com
Tue Jul 5 22:42:48 PDT 2011

Quoting Mikki McGee (mikkimc at earthlink.net):

> Are cookies or other identifiers added, in Ubuntu?  If so, where and
> how does one locate them to identify and or delete them?

'Cookies' (aka 'magic cookies') is a rather general concept in computing
(including Linux computing), and it's likely you are intending to ask
about one specific type of cookie but not others.

You probably mean HTTP cookies, aka Web cookies, aka browser cookies.
See:   https://secure.wikimedia.org/wikipedia/en/wiki/HTTP_cookie
There are also:

o  X Window System cookies (which have nothing particularly to do with 
   Web browsers)
o  'Flash cookies', which Adobe calls Local Shared Objects (LSOs)

To address as stated your question about location:  HTTP cookies are
stored on any given system wherever the Web browser client program puts
them.  Firefox on Linux stores them in
~/.mozilla/firefox/[userhash]/cookies.sqlite, which as the name suggests
is a SQLite database file.

'To identify or delete them', you say?  Hmm, well, knowing the directory
location of the SQlite database doesn't help you do that, because what
you probably want to do is examine, delete, and otherwise manage HTTP
cookies from _inside_ of your Web browser, instead of at the file level.

In Firefox, go to Edit menu, Preferences, Privacy, 'remove individual
cookies'.  This will bring up a Cookies window showing a scrolling
display of all currently stored HTTP cookies and domain and what the
content, path, type of associated connection, and expiration data is for
each.  Don't be surprised if the 'Content' field is most often gibberish
to you.  Anyhow, rummaging through, editing, and pruning the stored HTTP
cookies has the net effect of editing the aforementioned SQLite file.

As you will see in my lecture slides and notes from my Feb. 2001 talk
about browser security in front of SVLUG (SVLUG News column on
http://www.svlug.org/), one of my strong recommendations is Beef Taco, a
parcel of deliberately long-lived HTTP cookies you can load to preempt
the ones you probably most want to avoid.

You will also note on Slide 9 the large list of other places a browser
provides that can be used by Web sites to store 'cookie'-type
information in local browser state, and on slide 10 the core of my
argument that Javascript is the key technology that must be corralled
by the user to curb abuse.  (Sorry, but the slides do not purport to 
contain my entire lecture; they were merely props / bullet points for
it.  However, they + the lecture notes aim to come at least close.)

More information about the sf-lug mailing list