• A cookie is a special header sent by the server to the client or browser.
• A cookie introduces session information.
• When a server receives a request from a client, it stores information about the client in a file or a string.
• This file contains the domain name of the client, a timestamp and other information in addition to the cookie.
• A cookie is just a file or string, not an executable program. It contains the session ID, path, lifetime, etc.
• The server includes this cookie in the response that it sends to the client.
• When the client receives the response, the browser stores this cookie in the cookie directory.
• When a client sends a request to the same server next time, the browser looks in the cookie directory to see whether a cookie sent by that server is present or not.
• If such a cookie is found, it is included in the request.
• When the server receives the request, it comes to know that it is an old client and not a new one.
• The session ID information enables the server to link the new request to the previous request.
• The various fields in a cookie are:
1. Domain. This field specifies the domain name from which the cookie is coming to the browser. Each domain cannot store more than 20 cookies per client.
2. Path. It is a path in the server’s directory structure that identifies which parts of the server’s file tree may use the cookie. It is often /, which means the whole tree.
3. Content. This field is where the cookie’s content is stored. It has the form name = value. Both name and value can be anything the server wants.
4. Expires. This field specifies the expiry date and time for a cookie. On the basis of expiry date and time, cookies are of two types:
(a) Non-persistent cookie. It is a type of cookie in which the expiry field is not present. Such a cookie is discarded by the browser when it exits.
(b) Persistent cookie. A cookie in which the expiry field, specifying the date and time, is present is called a persistent cookie. Such a cookie is kept by the browser until it expires.
The expiration times are specified in Greenwich Mean Time.
5. Secure. This field can be set to indicate that the browser may only return the cookie to a secure server. This feature is used in e-commerce, banking and other secure applications.
An example of a cookie specifying all the fields discussed above is shown in fig.
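The fields above can also be shown in code. The following is an added example, not part of the original page: it parses a Set-Cookie header into the Domain, Path, Content, Expires and Secure fields and applies the browser-side check that decides whether the cookie is returned with a request. The function names and the sample header are constructed for illustration, and the matching rules are simplified (no public-suffix or host-only handling).

```javascript
// Added example: parse a Set-Cookie header into the fields discussed above and
// decide whether a browser would return the cookie. Names and sample are constructed.
const domainMatch = (host, domain) => host === domain || host.endsWith("." + domain);

function parseSetCookie(header, requestHost) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  if (eq < 1) return null; // Content must have the form name=value
  const cookie = {
    name: pair.slice(0, eq),
    value: pair.slice(eq + 1),
    domain: requestHost.toLowerCase(), // default: the host that set the cookie
    path: "/", // default: whole tree
    expires: null, // null => non-persistent, discarded when the browser exits
    secure: false,
  };
  for (const attr of attrs) {
    const i = attr.indexOf("=");
    const key = (i < 0 ? attr : attr.slice(0, i)).toLowerCase();
    const val = i < 0 ? "" : attr.slice(i + 1).trim();
    if (key === "domain" && val) cookie.domain = val.replace(/^\./, "").toLowerCase();
    else if (key === "path" && val.startsWith("/")) cookie.path = val;
    else if (key === "expires") {
      const t = Date.parse(val); // expiry time is given in GMT
      if (!Number.isNaN(t)) cookie.expires = new Date(t);
    } else if (key === "secure") cookie.secure = true;
  }
  // A server may only set a cookie for its own domain or a parent of it.
  return domainMatch(requestHost.toLowerCase(), cookie.domain) ? cookie : null;
}

function shouldSend(cookie, url, now = new Date()) {
  const u = new URL(url);
  const base = cookie.path.endsWith("/") ? cookie.path : cookie.path + "/";
  const pathOk = u.pathname === cookie.path || u.pathname.startsWith(base);
  const fresh = cookie.expires === null || cookie.expires > now;
  const schemeOk = !cookie.secure || u.protocol === "https:"; // Secure: HTTPS only
  return domainMatch(u.hostname.toLowerCase(), cookie.domain) && pathOk && fresh && schemeOk;
}

// Constructed sample header using all five fields
const sample =
  "sessionId=abc123; Domain=shop.example.com; Path=/cart; Expires=Wed, 01 Jan 2031 00:00:00 GMT; Secure";
const c = parseSetCookie(sample, "shop.example.com");
console.log(c, shouldSend(c, "https://shop.example.com/cart/checkout"));
```

Note that a Path of /cart matches /cart/checkout but not /cartoon, and that a cookie with the Secure field is withheld from plain http requests.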
Purpose of Cookie
1. Allow access to registered clients only. Some websites allow access only to registered clients. Such websites send a cookie to a client when the client registers for the first time. For any repeated access, only those clients that send the appropriate cookie to the server are allowed.
2. E-commerce. An electronic store (e-commerce) can use a cookie for its client shoppers. When a client selects an item and inserts it into a cart, a cookie that contains information about the item, such as its number and unit price, is sent to the browser. If the client selects a second item, the cookie is updated with the new selection information. When the client finishes shopping and wants to check out, the last cookie is retrieved and the total charge is calculated.
3. Web portals. When a user selects his/her favorite pages, a cookie is made and sent. If the site is accessed again, the cookie is sent to the server to show what the client is looking for.
4. Advertising. Cookies are also used by advertising agencies. An advertising agency can place banner ads on some main website that is often visited by users. The advertising agency supplies only a URL that gives the banner address instead of the banner itself. When the user visits the main website and clicks on the icon of an advertised corporation, a request is sent to the advertising agency. The advertising agency sends the banner (for example, a GIF file) in addition to a cookie with the ID of the user.