Always set the Secure attribute on cookies that contain sensitive information to ensure they are only sent over HTTPS.
Set the HttpOnly attribute on cookies to prevent access via JavaScript, enhancing security against cross-site scripting (XSS) attacks.
Utilize session cookies for data that should only persist during an active session to minimize data exposure risks.
Implement expiration dates for persistent cookies to manage how long data is stored on the user's device, aiding in privacy control.
```python
import requests

# Send a GET request to the website
response = requests.get('https://sandbox.oxylabs.io/products', timeout=10)

# Extract cookies from the response
cookies = response.cookies

# Print all cookies
print("All Cookies:", cookies)

# Access specific types of cookies
session_cookies = [cookie for cookie in cookies if cookie.expires is None]
persistent_cookies = [cookie for cookie in cookies if cookie.expires is not None]

# Print session cookies (expire with the session)
print("Session Cookies:", session_cookies)

# Print persistent cookies (have an expiration date)
print("Persistent Cookies:", persistent_cookies)

# Check for Secure cookies (transmitted over HTTPS)
secure_cookies = [cookie for cookie in cookies if cookie.secure]

# Print secure cookies
print("Secure Cookies:", secure_cookies)

# Check for HttpOnly cookies (not accessible via JavaScript).
# The attribute name is stored as the server sent it, so check both spellings.
httponly_cookies = [
    cookie for cookie in cookies
    if cookie.has_nonstandard_attr('HttpOnly') or cookie.has_nonstandard_attr('httponly')
]

# Print HttpOnly cookies
print("HttpOnly Cookies:", httponly_cookies)
```
Ensure that the domain and path attributes of cookies are correctly set to restrict their scope and prevent them from being sent to unintended locations.
Regularly update and validate the expiration settings of persistent cookies to reflect changes in privacy policy and user preferences.
Use the Secure flag in conjunction with the HttpOnly flag for comprehensive security that guards against both interception and client-side scripting attacks.
Review and clean up session and persistent cookies periodically to avoid unnecessary data retention and potential compliance issues.
```python
from datetime import datetime, timedelta, timezone

# `response` is assumed to be a framework response object whose set_cookie()
# accepts these keyword arguments (for example Flask or Django).

# Bad: Not specifying domain and path for cookies, which might lead to security issues
response.set_cookie('user_id', '12345')

# Good: Specify domain and path to restrict cookie scope
response.set_cookie('user_id', '12345', domain='example.com', path='/secure')

# Bad: Using outdated expiration for cookies
response.set_cookie('user_session', 'abcd', expires='Thu, 01 Jan 1970 00:00:00 GMT')

# Good: Set appropriate expiration date reflecting current policies
# (computed in UTC, because the formatted string is labelled GMT)
expiration_date = datetime.now(timezone.utc) + timedelta(days=90)
response.set_cookie('user_session', 'abcd', expires=expiration_date.strftime('%a, %d-%b-%Y %H:%M:%S GMT'))

# Bad: Setting cookies without Secure or HttpOnly flags
response.set_cookie('auth_token', 'secure123')

# Good: Use Secure and HttpOnly flags to enhance cookie security
response.set_cookie('auth_token', 'secure123', secure=True, httponly=True)

# Bad: Keeping session cookies indefinitely without review
session_cookies = [cookie for cookie in cookies if cookie.expires is None]

# Good: Periodically review and clean up session cookies
# Implement a routine to check and delete unnecessary session cookies
# (necessary() and delete_cookie() are placeholders for application-specific logic)
for cookie in session_cookies:
    if not necessary(cookie):
        delete_cookie(cookie)
```
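The checks listed above can be run against raw `Set-Cookie` header values before a site ships them. The following is an added example, not code from the original page: the function names, the 90-day limit (taken from the snippet above), the allowed-domain set and the sample headers are all assumptions made for illustration.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from http.cookies import SimpleCookie

MAX_LIFETIME = 90 * 24 * 3600          # assumed policy limit: 90 days, in seconds
ALLOWED_DOMAINS = {"example.com"}      # assumed set of domains the site may scope to
FIXED_NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)  # fixed clock for repeatable runs

def lifetime_seconds(morsel, now):
    """Return the remaining lifetime in seconds, or None for a session cookie."""
    if morsel["max-age"]:              # Max-Age takes precedence over Expires
        return int(morsel["max-age"])
    if morsel["expires"]:
        return (parsedate_to_datetime(morsel["expires"]) - now).total_seconds()
    return None

def audit_set_cookie(header, allowed_domains=ALLOWED_DOMAINS, now=None):
    """Check one Set-Cookie header value and return a list of findings."""
    now = now or datetime.now(timezone.utc)
    jar = SimpleCookie()
    jar.load(header)
    if not jar:                        # the parser silently drops malformed input
        return ["unparseable Set-Cookie header"]
    findings = []
    for name, morsel in jar.items():
        if not morsel["secure"]:
            findings.append(f"{name}: missing Secure")
        if not morsel["httponly"]:
            findings.append(f"{name}: missing HttpOnly")
        domain = morsel["domain"].lstrip(".").lower()
        if domain and domain not in allowed_domains:
            findings.append(f"{name}: unexpected Domain {domain}")
        life = lifetime_seconds(morsel, now)
        if life is not None and life > MAX_LIFETIME:
            findings.append(f"{name}: lifetime exceeds {MAX_LIFETIME // 86400} days")
    return findings

# Constructed sample headers (not captured from any real site).
SAMPLES = [
    "auth_token=secure123; Domain=example.com; Path=/secure; Max-Age=3600; Secure; HttpOnly",
    "user_id=12345; Domain=cdn.example.net; Path=/",
    "prefs=dark; Expires=Wed, 01 Jan 2031 00:00:00 GMT; Secure; HttpOnly",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header.split("=", 1)[0], audit_set_cookie(header, now=FIXED_NOW))
```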