Cookies
Cookies allow web servers to store state information in the browser. They are often used to store session variables, user preferences, or user identity. Cookies are not part of the HTTP specification; however, they have become ubiquitous and are sometimes needed for proper interactions with some web sites.
Cookies work in the following way: when a server program wishes to store state information in the client, the server issues a Set-Cookie header in its response to the client, which contains the value it wishes to store. The client is expected to store the information from the Set-Cookie header, associated with the URL or domain that issues the cookie. In subsequent requests to that URL or domain, the client should include the cookie information using the Cookie header. The server or CGI program uses this information to return a document tailored to that specific client. The server can set an expiration date for the cookie, or just use it for a session that will not survive beyond the current instance of the browser.
For example, the client may fill in a form opening a new account. The request might read:
    POST /sales.ora.com/order.pl HTTP/1.0
    [Client headers here]

    type=new&firstname=John&lastname=Smith
The server stores this information along with a new account ID, and sends it back in the response:
    HTTP/1.0 200 OK
    [Server headers here]
    Set-Cookie: acct=04382374;domain=.ora.com;Expires=Sun, 16-Feb-2003 04:38:14 GMT;Path=/
The next time the browser visits the site, the client should ...
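The exchange above seen from the client's side, as an added example that is not from the original text: it parses the Set-Cookie value shown in the response, decides when the cookie is returned (domain suffix, path prefix, expiry), and lists the Secure, HttpOnly and SameSite attributes the cookie lacks. The function names and the simplified matching rules are assumptions of this example.

```python
from datetime import datetime, timezone

# Set-Cookie value copied from the response shown above.
SET_COOKIE = "acct=04382374;domain=.ora.com;Expires=Sun, 16-Feb-2003 04:38:14 GMT;Path=/"

def parse_set_cookie(value):
    """Split a Set-Cookie value into name, value and lower-cased attributes."""
    first, *attrs = [p.strip() for p in value.split(";") if p.strip()]
    name, _, val = first.partition("=")
    cookie = {"name": name, "value": val, "attrs": {}}
    for attr in attrs:
        key, _, v = attr.partition("=")
        cookie["attrs"][key.strip().lower()] = v.strip()
    return cookie

def expires_at(cookie):
    """Return the expiry as an aware datetime, or None for a session cookie."""
    raw = cookie["attrs"].get("expires")
    if not raw:
        return None
    # Dash-separated date format, as used in the header on this page.
    parsed = datetime.strptime(raw, "%a, %d-%b-%Y %H:%M:%S GMT")
    return parsed.replace(tzinfo=timezone.utc)

def should_send(cookie, host, path, now):
    """Decide whether the client returns this cookie for host/path at time now."""
    domain = cookie["attrs"].get("domain", "").lstrip(".").lower()
    host = host.lower()
    # Match on a label boundary so "notora.com" does not match "ora.com".
    domain_ok = host == domain or host.endswith("." + domain)
    path_ok = path.startswith(cookie["attrs"].get("path", "/"))
    exp = expires_at(cookie)
    return domain_ok and path_ok and (exp is None or now < exp)

def cookie_header(cookie):
    """Build the Cookie request header the client sends back."""
    return f"Cookie: {cookie['name']}={cookie['value']}"

def missing_protections(cookie):
    """List hardening attributes absent from the cookie."""
    wanted = ("secure", "httponly", "samesite")
    return [a for a in wanted if a not in cookie["attrs"]]
```
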