Mmm sounds delicious.. Sorry to get your hopes up but the cookies I want to talk about are not the delicious chocolate chip kind but rather the computer type. I’m sure you’re at least familiar with the term cookie since almost every website we use seems to be asking for your precious cookies! Have you ever wondered what they actually are? Many people don’t know so let’s get into it!

What’s a cookie?

A HTTP cookie also known as a web cookie or browser cookie is a small piece of data a server sends to the browser of a user. The browser will store it in memory and send it back to the server once another request is made. The stored data will then help the server in managing sessions, personalization and tracking.

What does it do?

Session management

Have you ever wondered why some websites remember who you are without requiring you to log in ? No? Okay, just me then.. Either way, cookies are responsible! Your login data is securely kept by the browser so that next time you open the page you don’t have to go through the hassle of typing in your login info. This same function is also what keeps track of items in your cart even if you’ve gone back and fourth between pages. A little vital piece of information is saved so that you can have the best possible user experience. Imagine how annoying it would be if your Amazon items disappeared out of your cart because you accidentally exited the page. Thankfully cookies take care of that.

Personalization

Are you a light or dark theme type of person? Personally I like the dark theme of most websites. Cookies are where your preferences are stored! Thanks to them you don’t have to mess with your settings every time you log into Facebook or Instagram.

Tracking

Tracking?! This is probably the most widely known cookie function as it carries a bit of stigma with it. People don’t like to be tracked which is why a lot of users deny cookie access when asked for it by a website. The tracking function is highly valuable to many online businesses as it helps them to better understand the user and their online habits. Cookies also allow marketers to custom fit the advertisements you see based on the activity stored in your cookies.

Creating Cookies

I’m sure you’ve got your own go to cookie recipe but how are web cookies made? On the server side, cookies are initialized using the Set-Cookie HTTP response header as follows.

Set-Cookie: <cookie-name>=<cookie-value>

This communicates to the client side to store cookies from the server. Every request made to the server from now on will contain the cookie data so that the server can respond accordingly.

Lifetime of a Cookie

How long are cookies good for? A session cookie is deleted when a given session ends. When the given session ends is defined by the browser. Permanent cookies are only deleted at the specified date stored in its “Expires” attribute or after a period of time specified under the Max-Age attribute. It looks like this.

Set-Cookie: id=a3fWa; Expires=Thu, 31 Oct 2021 07:28:00 GMT;

In times where cookies are used to authenticate users, a new session cookie will be generated and sent to the user. This is aimed at protecting you from 3rd party usage of your session.

Where do the cookies go?

The Domain and Path cookie attributes denote the scope of the cookies. This is what determines what URLs the cookies should be sent to.

Domain Attribute

This attribute specifies which hosts can receive the cookie. Specifying this attribute is best practice as if it is left ambiguous the cookie will only be received by the same browser as the host. In this case setting the attribute is actually less restrictive than omitting it.

For example, if Domain=mozilla.org is set then cookies will also be available on subdomains such as developer.mozilla.org

Path Attribute

This attribute denotes a URL path that has to be present in the requested URL in order to send a cookie to header. For example if Path=/posts is set then the following paths will match; /posts, /posts/Web/, /posts/Web/HTTP. The “/” sign is a directory separator so all of our previously mentioned paths match as they are all subdirectories of “/posts”.

Conclusion

I hope that you now have a better understating of browser cookies and their significance. We utilize them everyday and you can appreciate them a little bit more now that you know what, why and how they do it.