'Cookie cutting' keeps traffic moving

IDG.net

February 22, 2000
Web posted at: 8:33 a.m. EST (1333 GMT)

(IDG) -- Cookie cutting - also known as cookie switching - is the ability to capture, parse and switch traffic based on HTTP cookies. The practice gives network professionals unprecedented control over user traffic, as well as new options for providing customized Web services.

A cookie, defined as an HTTP header in RFC 2109 and also defined in Netscape's HTTP 1.0 specification, is a token that is inserted into an HTTP stream to maintain state between a client and an origin server. While traditional packet switches examine Layer 2 media access control and Layer 3 IP address information, they can't read URLs or cookies and are unable to track entire Web sessions. As a result, new devices, namely Web switches, support content-intelligent processing functions.

Commonly used in search engines, shopping carts, Web-based e-mail and secure e-commerce applications, cookies help administrators identify and classify traffic by individual user.


Many important Web applications require persistence. Persistence refers to transactions from a client that must be processed by the same server to ensure the integrity of each transaction. Maintaining all the items placed into an online shopping cart or the actual check-out transaction where credit card processing occurs are both good examples.

But in cases where user traffic is aggregated at so-called "mega-proxy" points, such as America Online, multiple users can enter a site with identical IP addresses. And where multiple proxy servers are used, there is a potential for the same user to be assigned a different IP address for each TCP connection.

This poses problems for traditional load balancers in maintaining session persistence. Because traditional load balancers typically use the source IP address to bind user sessions to a specific server for e-commerce applications, traffic entering a Web site from AOL or any other mega-proxy can wreak havoc for servers, as all traffic is bound to the same server.

With cookie-based session tracking, the Web switch sends the first incoming request to the most available server. The server then creates or modifies the cookie header, inserting a predefined cookie name with a different value for each client. Based on this cookie, all subsequent requests from this user are forwarded to the same server.
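The contrast between source-IP binding and cookie-based binding can be shown with a small simulation. This is an added example, not code from the article or from any Web switch vendor; the server names, the `persist` cookie name, the per-client value format and the traffic are all constructed for illustration.

```python
from http.cookies import SimpleCookie
from itertools import count

SERVERS = ["web1", "web2", "web3"]   # hypothetical backend pool
COOKIE_NAME = "persist"              # hypothetical predefined cookie name

class WebSwitch:
    def __init__(self, mode):
        self.mode = mode                        # "source_ip" or "cookie"
        self.bindings = {}                      # persistence key -> server
        self.load = dict.fromkeys(SERVERS, 0)   # bound sessions per server
        self._ids = count(1)

    def _bind(self, key):
        # A new key goes to the most available (least loaded) server.
        server = min(SERVERS, key=lambda s: self.load[s])
        self.load[server] += 1
        self.bindings[key] = server
        return server

    def route(self, src_ip, cookie_header=""):
        """Return (server, Set-Cookie value or None) for one HTTP request."""
        if self.mode == "source_ip":
            return self.bindings.get(src_ip) or self._bind(src_ip), None
        jar = SimpleCookie(cookie_header)
        if COOKIE_NAME in jar and jar[COOKIE_NAME].value in self.bindings:
            return self.bindings[jar[COOKIE_NAME].value], None
        # Missing or unrecognised cookie: treat as a new client and let the
        # chosen server issue a fresh per-client value.
        value = f"c{next(self._ids)}"
        return self._bind(value), f"{COOKIE_NAME}={value}"

def simulate(mode):
    """Constructed traffic: six users behind one mega-proxy IP (two requests
    each), then one user whose three requests arrive from different proxy IPs.
    Returns {user: set of servers that handled that user's requests}."""
    switch, jars, seen = WebSwitch(mode), {}, {}
    traffic = [(f"user{i}", "192.0.2.10") for i in range(6)] * 2
    traffic += [("roamer", ip) for ip in
                ("198.51.100.1", "198.51.100.2", "198.51.100.3")]
    for user, ip in traffic:
        server, set_cookie = switch.route(ip, jars.get(user, ""))
        if set_cookie:
            jars[user] = set_cookie             # client stores the cookie
        seen.setdefault(user, set()).add(server)
    return seen
```

In `source_ip` mode every mega-proxy user lands on one server and the roaming user is spread over three; in `cookie` mode each user stays on a single server and the proxy users are spread across the pool.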

Because cookies are sent in the HTTP header after each TCP session has been established, capturing the cookies is a complex and processing-intensive task that can potentially kill performance. Here's why: To capture a cookie, the Web switch must complete the three-way TCP handshake with the client.

This begins when it receives a TCP SYN request that the client has sent to a virtual IP address on the Web switch. All frames received by the switch are buffered until the cookie arrives. Once the cookie is captured, it is processed to determine the best server to handle the request. Then the Web switch sends a TCP SYN request to the selected server and a new connection is established from the Web switch to that server. Previously buffered frames from the client are then sent to the server, and the Web switch splices together the client-to-switch connection and the switch-to-server connection.
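The buffering step described above, as an added example that is not from the article: it models only the client side after the handshake, holding payload segments until the request headers (and so any cookie) are complete, then choosing a server and replaying the buffer. The binding table, cookie name, default server and the buffer cap are assumptions made for this sketch.

```python
from http.cookies import SimpleCookie

MAX_BUFFER = 8192                        # assumed cap on bytes held before binding
COOKIE_NAME = "persist"                  # hypothetical persistence cookie name
BINDINGS = {"c1": "web1", "c2": "web2"}  # constructed cookie value -> server table
DEFAULT = "web3"                         # constructed "most available" server

class DelayedBinding:
    """One client connection whose server is chosen only after the cookie is read."""
    def __init__(self):
        self.buffer = b""
        self.server = None

    def feed(self, segment):
        """Take one client payload segment.
        Returns None while buffering, else (server, bytes to forward)."""
        if self.server:                  # already spliced: pass straight through
            return self.server, segment
        self.buffer += segment
        head, sep, _ = self.buffer.partition(b"\r\n\r\n")
        if not sep:                      # headers incomplete, cookie may still come
            if len(self.buffer) > MAX_BUFFER:
                raise ValueError("request headers exceed buffer limit")
            return None
        self.server = self._pick(head.decode("latin-1"))
        flushed, self.buffer = self.buffer, b""
        return self.server, flushed      # replay everything buffered so far

    @staticmethod
    def _pick(head):
        # Skip the request line, then look for a Cookie header.
        for line in head.split("\r\n")[1:]:
            name, _, value = line.partition(":")
            if name.strip().lower() == "cookie":
                jar = SimpleCookie(value.strip())
                if COOKIE_NAME in jar:
                    return BINDINGS.get(jar[COOKIE_NAME].value, DEFAULT)
        return DEFAULT                   # no usable cookie: new client

def replay(segments):
    """Feed constructed payload segments through one connection."""
    conn = DelayedBinding()
    return [conn.feed(s) for s in segments]
```

The cap on buffered bytes bounds how much memory a client that never finishes its headers can hold on the switch.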

To solve this problem, Web switches have been designed around a distributed processing architecture. This architecture employs dedicated processors (typically two or more) on each switch port. These processors operate independently, handling the parsing and binding of all Web sessions associated with a particular port.

In the end, cookie cutting is a significant step forward in bringing innovative new services to end users while giving more control and flexibility to network administrators.





© 2001 Cable News Network. All Rights Reserved.