Along with the emergence of web applications came a call for the ability to store user information directly on the client. The idea is logical: information pertaining to a specific user should live on that user's machine. Whether that is login information, preferences, or other data, web application providers found themselves searching for ways to store data on the client. The first solution to this problem came in the form of cookies, a creation of the old Netscape Communications Corporation and described in a specification entitled Persistent Client State – HTTP Cookies (still available at http://cgi.netscape.com/newsref/std/cookie_spec.html). Today, cookies are just one option available for storing data on the client.
HTTP cookies, commonly just called cookies, were originally intended to store session information on the client. The specification called for the server to send a Set-Cookie HTTP header containing session information as part of any response to an HTTP request. For instance, the headers of a server response may look like this:
HTTP/1.1 200 OK
Content-type: text/html
Set-Cookie: name=value
Other-header: other-header-value
This HTTP response sets a cookie with the name of "name" and a value of "value". Both the name and value are URL-encoded when sent. Browsers store such session information and send it back to the server via the Cookie HTTP header for every request after that point, such as the following:
GET /index.html HTTP/1.1 ...
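The round trip described above (a URL-encoded name and value in Set-Cookie, then the same pairs returned in the Cookie header) can be sketched as follows. This is an added example, not code from the original text; the function names and sample values are constructed for illustration, and it shows why the encoding matters when a value contains characters that would otherwise break the header.

```javascript
// Added example: function names and sample values are constructed.

// Build the value of a Set-Cookie response header, URL-encoding both parts
// so that ";", "=", spaces and CR/LF in the data cannot alter the header.
function buildSetCookie(name, value) {
  return `${encodeURIComponent(name)}=${encodeURIComponent(value)}`;
}

// decodeURIComponent throws URIError on malformed escapes such as "%zz";
// fall back to the raw text instead of failing the whole request.
function safeDecode(text) {
  try {
    return decodeURIComponent(text);
  } catch (err) {
    return text;
  }
}

// Parse the value of a Cookie request header ("a=1; b=2") into a Map of
// decoded names to decoded values.
function parseCookieHeader(header) {
  const cookies = new Map();
  for (const part of header.split(";")) {
    const pair = part.trim();
    const eq = pair.indexOf("="); // split on the first "=" only
    if (eq < 1) continue;         // skip empty parts and pairs with no name
    const name = safeDecode(pair.slice(0, eq));
    const value = safeDecode(pair.slice(eq + 1));
    // Design choice of this example: keep the first occurrence of a name.
    if (!cookies.has(name)) cookies.set(name, value);
  }
  return cookies;
}

// Constructed sample: a value that would corrupt the header if sent raw.
const untrusted = "a b; path=/\r\nX-Injected: 1";
const setCookie = buildSetCookie("pref", untrusted);
const parsed = parseCookieHeader(`${setCookie}; theme=dark; bad=%zz`);

console.log(`Set-Cookie: ${setCookie}`);
console.log(parsed);
```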