Can a cookie be made permanent (by the browser, not the server)?

2

I have a program installed K9 Web Protection in my PC. It detects any changes made in the hosts file and blocks the access to that website. I have made these changes in my hosts file

::ffff:216.239.38.120 google.com www.google.com
216.239.38.120 google.com www.google.com

Now what happens is, if I make changes in hosts file after once opening the website that is its cookie is stored then it does not display warning. but once I clear the cookies it detects the change and website does not open. Is there any way I can store a cookie file permanently and use it anytime? What I tried is I extended the lifetime of a cookie to 2050 and then copying the cookie.sqlite file from the c:users>acer>appdata>local>google>chrome>userdata>default to desktop and then clear the cookies of browser. Afterwards, I copied the desktop file to same directory but K9 again got hold of that.

  • Can I make a cookie permanent and store it at a different location and use it whenever I want?
  • Other links are opening but not Google, why?

Sudhir Sharma

Posted 2018-05-31T10:25:51.990

Reputation: 21

You do understand Google has multiple IP addresses for their domains, and they can change, so your host solution shouldn’t be used. You should create an exception for a google. – Ramhound – 2018-05-31T16:31:40.493

@user3701825, that was a bad edit. Please don't abuse \code`` for some highlighting. – Arjan – 2018-06-01T08:01:02.973

i have solved the problem what i did is i allowed google.com in k9 settings – Sudhir Sharma – 2018-06-01T08:02:53.087

Answers

0

Technically, the browser could indeed ignore the cookie's lifetime that the server has defined, which you already proved yourself. You might even be able to create some script that alters that .sqlite file without the need to copy it.

Such changes will make the browser send the cookie's name and value (but not its expiry date) to the server along with the next request. However, at that point it's up to the server:

  • Most cookies don't include much details at all, expect for some random unique id, which the server needs to know as well. So if, for example, the server has already removed that expired unique id from its database, it will not find a match with the cookie that the browser sent, and ignore it. Or it might recognize it, but still reject it as it knows better.

  • Some cookies might have a value that itself somehow declares an expiration date.

  • Many servers will refresh the cookie every now and then, or even in every response. So, even if the altered cookie was accepted, the browser might very well overwrite it with a new value and new expiration date as soon as that cookie was sent to the server and the server returned a new cookie.

I'd say chances for success are low, and very much depend on the website.

A .sqlite file is basically a SQL database, and maybe some update cookies set expires = ... where name = ... might do the trick, if the browser does not somehow secure its contents. You might also be able to change a "session" cookie into a permanent cookie by adding an expiry date.

Arjan

Posted 2018-05-31T10:25:51.990

Reputation: 29 084

Asked: 2018-05-31T10:25:51.990

Viewed: 93 times

Active: 2018-06-01T08:50:18.463