Notes About Cookie


Web is stateless

In a web application, the client (user) sends a request (an HTTP request) to the server through a browser (Chrome, Safari, Edge, etc.), and the server sends back the requested data, called the response, which the browser uses to show us the website.

So basically,

  • we request
  • we get the corresponding response

Done. No connection is left, and there is no relation between requests. In other words, the web is stateless.

However, many web applications seem to be stateful.

  • In a web store, the store remembers what I saw, what I liked, and the products in my cart.
  • Sometimes they show something based on what I’ve searched for.

This means that although requests and responses themselves are stateless, something manages this necessary data.

The browser saves the data that is needed while using the web application, and that data is called a cookie.

A cookie is

  • a string with a key & value structure.
  • generated by the server and sent to the client.
  • then sent with every request.
  • therefore limited to 4KB.
  • may expire: session cookie
  • or not: persistent cookie

When the user sends a request to the server with a cookie, the server can send a response based on the data in the cookie. That is how it can manage state.

Also, a cookie belongs to a domain.

Therefore, if you visit website A.com, you get a cookie that belongs to A.com, not B.com or C.com. However, whichever website you go to, you will see more cookies than the host domain sets.

  • I entered someonesblog.com
  • for sure, there’s a cookie from someonesblog.com
  • what?? there’s a cookie from instagram.com.

But a cookie belongs to a domain. How can there be cookies from another domain? Because the page includes some resource that you have to request from the other domain. For example, if a post on someonesblog.com embeds a post from Instagram, then Instagram sets a cookie too in the response it sends to show that post.

Cookies that do not belong to the host domain are third-party cookies. Facebook, Google and many other companies use third-party cookies to track users’ data even when they are not browsing those companies’ websites.
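The someonesblog.com scenario above, as an added example that is not part of the original post: it parses the `Set-Cookie` header of each response received while loading one page and labels every cookie by owning domain, lifetime, and first- or third-party status. The response list, cookie names and values are constructed, and `siteOf` is a hypothetical helper that approximates a site by its last two labels (browsers use the Public Suffix List).

```javascript
// Constructed sample: responses a browser receives while rendering one blog
// post that embeds an Instagram post. Cookie names and values are made up.
const PAGE_HOST = "someonesblog.com";
const RESPONSES = [
  { host: "someonesblog.com", setCookie: "theme=dark; Path=/; Max-Age=2592000" },
  { host: "www.someonesblog.com", setCookie: "sid=abc123; Path=/; HttpOnly; Secure" },
  { host: "www.instagram.com",
    setCookie: "ig_did=XYZ; Domain=.instagram.com; Path=/; Expires=Wed, 01 Jan 2031 00:00:00 GMT; Secure; SameSite=None" },
];

// Split one Set-Cookie header into its key/value pair and its attributes.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  if (eq < 1) throw new Error("cookie needs a name=value pair: " + header);
  const attrs = {};
  for (const part of rest) {
    if (!part) continue; // tolerate a trailing ";"
    const i = part.indexOf("=");
    const key = (i === -1 ? part : part.slice(0, i)).toLowerCase();
    attrs[key] = i === -1 ? true : part.slice(i + 1);
  }
  return { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs };
}

// Assumption: the last two labels stand in for the "site". This is wrong for
// suffixes such as co.uk, which is why browsers use the Public Suffix List.
function siteOf(host) {
  return host.toLowerCase().replace(/^\./, "").split(".").slice(-2).join(".");
}

function classify(pageHost, response) {
  const c = parseSetCookie(response.setCookie);
  // Without a Domain attribute the cookie belongs to the host that set it.
  const d = typeof c.attrs.domain === "string" && c.attrs.domain ? c.attrs.domain : response.host;
  const domain = d.replace(/^\./, "").toLowerCase();
  return {
    name: c.name,
    domain,
    // Expires or Max-Age keeps the cookie across browser restarts.
    lifetime: "expires" in c.attrs || "max-age" in c.attrs ? "persistent" : "session",
    party: siteOf(domain) === siteOf(pageHost) ? "first-party" : "third-party",
  };
}

function report(pageHost, responses) {
  return responses.map((r) => classify(pageHost, r));
}
console.table(report(PAGE_HOST, RESPONSES));
```

The same classification can be checked by hand in the browser's developer tools, where the cookie list for a page shows each cookie's domain and expiry.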