Cookies

A primer on cookies.

An HTTP cookie is key/value pair used to store data in the browser. Since HTTP is stateless, cookies can send cookies to the server to create 'state'.

A cookie has three main things:

• key
• value
• expiry A cookie can only be used on one domain (and its subdomains).

Cookies are mainly used for three main purposes:

• Session management
• Personalisation
• Tracking

Servers can set a cookie on a browser using the Set-Cookie HTTP header. Browser can send that back through a Cookie HTTP header. Remember that servers don't store cookies. They use sessions.

Remember that users can easily edit/supply their own cookies, so consider the security implications.

[[browsers]] [[web]]