Does every web request send the browser cookies?

cookies

Solution 1:

Yes, as long as the URL requested is within the same domain and path defined in the cookie (and all of the other restrictions -- secure, httponly, not expired, etc) hold, then the cookie will be sent for every request.

Solution 2:

As others have said, if the cookie's host, path, etc. restrictions are met, it'll be sent, 50 times.

But you also asked why: because cookies are an HTTP feature, and HTTP is stateless. HTTP is designed to work without the server storing any state between requests.

In fact, the server doesn't have a solid way of recognizing which user is sending a given request; there could be a thousand users behind a single web proxy (and thus IP address). If the cookies were not sent every request, the server would have no way to know which user is requesting whatever resource.

Finally, the browser has no clue if the server needs the cookies or not, it just knows the server instructed it to send the cookie for any request to foo.com, so it does so. Sometimes images need them (e.g., dynamically-generated per-user), sometimes not, but the browser can't tell.

Solution 3:

Yes. Every request sends the cookies that belong to the same domain. They're not cached as HTTP is stateless, what means every request must be enough for the server to figure out what to do with it. Say you have images that are only accessible by certain users; you must send your auth cookie with every one of those 50 requests, so the server knows it's you and not someone else, or a guest, among the pool of requests it's getting.

Having said that, cookies might not be sent given other restrictions mentioned in the other responses, such as HTTPS setting, path or domain. Especially there, an important thing to notice: cookies are not shared between domains. That helps with reducing the size of HTTP calls for static files, such as the images and scripts you mentioned.
Example: you have 4 cookies at www.stackoverflow.com; if you make a request to www.stackoverflow.com/images/logo.png, all those 4 cookies will be sent.
However, if you request stackoverflow.com/images/logo.png (notice the subdomain change) or images.stackoverflow.com/logo.png, those 4 cookies won't be present - but maybe those related to these domains will.

You can read more about cookies and images requesting, for example, at this StackOverflow Blog Post.

Related

Linked PDF and going back in OS X Preview
How can I delete a certificate that got restored from a backup under iOS 10/11?
How can I tell what version of SMB is negotiated when I connect to a share from macOS?
How to get overall CPU usage (e.g. 57%) on Linux [closed]
How to Kiosk Mode a Web Page OSX - Chrome
Given a number, find the next higher number which has the exact same set of digits as the original number
How can I make the Cisco VPN Client work with Lion?
Is there a more-accurate indicator of an app download's progress than what appears in Launchpad?
How to fully 'uninstall' an app on OS X
How do I rename a file in git that differs by case only?
What is the impedance of the line/headphone jack on MacBook Pro Retina?
How can I list all the installed printer drivers on Mac OS 10.6?