Storing a cookie in the cache

A 301 is a permanent redirect, intended for webmasters to send users from one page to another. The browser stores the redirect permanently, so any future request for the same resource can bypass the server and go directly to the end resource, which speeds up the browsing experience.

In Firefox and Opera, the cache of 301 redirects is stored separately from the traditional cookie jar. By storing a cookie string in the target URL of a 301 redirect, you can effectively keep the same cookie for a user even if the cookies are cleared. Visiting this URL: https://rehmann.co/projects/301-Redirect-Cookie/ in these two web browsers will give you the same "cached cookie" below, even after clearing your cookies.

Your 301 Cached Cookie Is: 1pQv2YSQcJ
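
One way to audit a site for this behaviour, as an added example that is not code from the original page: compare the 301 responses that several fresh clients (no cookies, empty cache) received for the same URL and report which part of the Location target differs for every client. The host name, tokens and the response-object fields (status, location, cacheControl) are constructed for illustration.

```javascript
// Added example. All URLs and tokens below are constructed sample data.
// Each entry is the response one fresh client got for the same request URL.

function locationParts(location, requestUrl) {
  const u = new URL(location, requestUrl); // Location may be relative
  const parts = new Map([['origin', u.origin]]);
  u.pathname.split('/').filter(Boolean).forEach((seg, i) => parts.set(`path[${i}]`, seg));
  for (const [k, v] of u.searchParams) parts.set(`query:${k}`, v);
  return parts;
}

function auditRedirects(requestUrl, responses) {
  // Only 301s the browser is allowed to store can outlive a cookie wipe.
  const cached = responses.filter(r =>
    r.status === 301 && !/\bno-store\b/i.test(r.cacheControl || ''));
  if (cached.length < 2) return { suspicious: false, varying: [] };

  const parsed = cached.map(r => locationParts(r.location, requestUrl));
  const keys = new Set(parsed.flatMap(p => [...p.keys()]));
  // A component is identifying when every fresh client got a different value.
  const varying = [...keys].filter(k =>
    new Set(parsed.map(p => p.get(k))).size === cached.length);
  return { suspicious: varying.length > 0, varying };
}

const REQUEST_URL = 'https://tracker.example/r';

// Constructed: each client is redirected to a URL carrying its own token.
const perVisitor = [
  { status: 301, location: '/landing?id=aB3xK9qLm2', cacheControl: 'max-age=31536000' },
  { status: 301, location: '/landing?id=Zt7pQ1wYe8', cacheControl: 'max-age=31536000' },
  { status: 301, location: '/landing?id=m4Nc0RsVu6', cacheControl: 'max-age=31536000' },
];

// Constructed: an ordinary permanent redirect, identical for everyone.
const staticRedirect = [
  { status: 301, location: '/landing', cacheControl: '' },
  { status: 301, location: '/landing', cacheControl: '' },
];

// Constructed: per-client targets, but the redirect may not be stored.
const notStored = [
  { status: 301, location: '/landing?id=aB3xK9qLm2', cacheControl: 'no-store' },
  { status: 301, location: '/landing?id=Zt7pQ1wYe8', cacheControl: 'no-store' },
];

console.log(auditRedirects(REQUEST_URL, perVisitor));
```

A component that varies across only two clients can also come from A/B routing, so collect responses from several fresh clients before drawing a conclusion.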

Mitigation

Firefox: Ensure the cache and browsing history are cleared between sessions to refresh the 301 redirect cache

Opera: Ensure the cache is cleared between sessions to refresh the 301 redirect cache

Chrome: Unaffected - clearing cookies clears the 301 redirect cache

Safari: Unaffected - "Clear History and Website Data" clears the 301 redirect cache

Internet Explorer: Unaffected - "Clearing Cookies" refreshes the 301 redirect cache

