How do cookies work?

Understanding Cookies

Cookies are given to a browser by the server. The browser reveals the cookies as applicable only to the domain that provided the cookie in the first place.

The data in the cookie allows the server to continue a conversation, so to speak. Without the cookie, the server considers the browser a first-time visitor.

Have a look at these to know about browser cookies

Understanding Browser cookies

http://internet-security.suite101.com/article.cfm/understanding_computer_browser_cookies

http://www.willmaster.com/library/cookies/understanding-cookies.php

https://web.archive.org/web/1/http://articles.techrepublic%2ecom%2ecom/5100-22_11-6063884.html


Explanation via Pictures

A world with and without cookies - explained

Simple Explanation by Analogy (via a story)

Freddie works at the Government Taxation Office (IRS/HMRC/ATO/CBDT etc). He deals with millions of people who come to see him every day. And he has a very poor memory.

In a World Without Cookies:

One day a customer walks in to Freddie's customer care desk:

Customer 1: "Good morning Freddie, so did you change my address like I asked you to?"

Freddie: "I'm sorry. I don't remember who you are? Who are you?"

Customer 1: "Dude, I spoke to you last Monday regarding this issue! How could you forget!"

Unfortunately, the HTTP protocol is stateless. There is no way Freddie (the server) can tell different customers (clients) apart from each other. He doesn't remember. He has a very short memory. There is a solution though:

The World WITH Cookies:

The customer walks in to see Freddie (his name is Brian), but this time, the customer gives Freddie his taxation office ID card:

Brian May: "Good morning Freddie, My name is Brian May...so did you change my address like I asked you to?"

Freddie: "ah yes...hmmm......Brian May, Queen, Lead Guitarist, We Will Rock you......very interesting, I have your records here on my back end system.........let me bring up the records pertaining to your address........YES: I did in fact change your address. BTW since you gave me your ID that's all I need, you don't need to tell me your name is Brian May. Just give me your ID and I will be able to see that on my system".

Explanation of Analogy

You can think of a cookie as kinda like an ID card: if you identify yourself to the server, the server will remember who you are and will treat you accordingly:

  • e.g. it will remember what you've already ordered in your cart so far.

  • it will remember that you like reading your website in Tamil / Spanish / Cantonese / Swahili etc.

  • it can (basically) identify who you are.

In this particular case, it is the Government Taxation Office who issues out the ID cards.

Granted the analogy is a little strained and very simplified but hopefully, it will help you understand and remember the underlying concept.


Usually the cookie contains a session id number. The id number is then connected to session data that is stored on the server. The usual process is then:

  1. Send login form
  2. Server checks username and password
  3. If correct, the username is stored in a session file on the server, along with various other useful information about the user (if it's a site admin, moderator, userid and so on).
  4. The server sends back a cookie containing an id number that identifies the session file.
  5. The browser sends the cookie with each request to that server, so the server can open the session file and read the saved data.

Usually the password is not sent more than once (at login in step 1).
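The session-id flow from this answer, as an added example that is not part of the original answer: a minimal server side in Python using only the standard library's http.cookies module. The user store, salt and the SESSIONS dictionary are constructed stand-ins for a real database and the server's session files; the cookie carries nothing but an unpredictable session id, and the flags it sets (HttpOnly, Secure, SameSite) are the ones a server should normally send with it.

```python
import hashlib
import hmac
import secrets
from http.cookies import SimpleCookie

# Constructed credential store: username -> PBKDF2 hash. Sample values only;
# the server never keeps (or sends) the plaintext password.
_SALT = b"constructed-salt"
USERS = {"brian": hashlib.pbkdf2_hmac("sha256", b"we-will-rock-you", _SALT, 100_000)}

# Server-side session store (the "session file"): session id -> session data.
SESSIONS = {}
COOKIE_NAME = "sid"

def login(username, password):
    """Steps 1-4: verify credentials; on success create a session and
    return the Set-Cookie header value, otherwise None."""
    expected = USERS.get(username)
    if expected is None:
        return None
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)
    if not hmac.compare_digest(candidate, expected):   # constant-time compare
        return None
    sid = secrets.token_urlsafe(32)   # unguessable id; the cookie carries only this
    SESSIONS[sid] = {"username": username, "role": "user"}
    cookie = SimpleCookie()
    cookie[COOKIE_NAME] = sid
    cookie[COOKIE_NAME]["httponly"] = True      # not readable by page scripts
    cookie[COOKIE_NAME]["secure"] = True        # only sent over HTTPS
    cookie[COOKIE_NAME]["samesite"] = "Strict"  # not sent on cross-site requests
    cookie[COOKIE_NAME]["path"] = "/"
    return cookie.output(header="").strip()

def session_for_request(cookie_header):
    """Step 5: parse the browser's Cookie header and return the session data,
    or None when the id is missing or unknown to the server."""
    jar = SimpleCookie()
    jar.load(cookie_header or "")
    morsel = jar.get(COOKIE_NAME)
    if morsel is None:
        return None
    return SESSIONS.get(morsel.value)

def logout(cookie_header):
    """Drop the session server-side; a lingering cookie with the old id is then useless."""
    jar = SimpleCookie()
    jar.load(cookie_header or "")
    morsel = jar.get(COOKIE_NAME)
    if morsel is not None:
        SESSIONS.pop(morsel.value, None)
```

Note that the browser only ever echoes the id back; everything about the user lives in SESSIONS, so invalidating the entry there ends the session regardless of what the client still holds.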


It depends, because there are many scenarios and ways of using cookies.

One scenario is:

  1. User submits login form.
  2. The website authorizes the user and sets a cookie, visible in the website's domain, containing the user name, password (i.e. MD5 hashed) and sometimes other information.
  3. The cookie is sent with each request, which allows the website to check whether the request came from the authorized user.

For more details, read the Wikipedia article about cookies.