
What are HTTP Cookies?

Updated: Jun 15, 2023



HTTP cookies, commonly known as cookies, are small pieces of data that are stored on a user's device (such as a computer or mobile device) by a web server when the user visits a website. These cookies are sent back and forth between the web server and the user's browser as part of the HTTP protocol, allowing the server to remember certain information about the user and their browsing session.


Cookies serve various purposes, including:

  1. Session Management: Cookies can be used to maintain session information, allowing websites to recognize and remember users as they navigate through different pages or return to the site.

  2. Personalization: Cookies enable websites to remember user preferences and settings, providing a personalized experience. For example, a website may remember a user's language preference or display customized content based on their previous interactions.

  3. Tracking and Analytics: Cookies can be used for tracking user behavior and collecting analytics data. This information helps website owners understand how users interact with their site, such as the pages they visit, the time spent on each page, and the actions taken.

  4. Authentication and Security: Cookies play a crucial role in user authentication, allowing websites to verify user identities and grant access to restricted areas. They can also enhance security by implementing measures like session timeouts and CSRF (Cross-Site Request Forgery) protection.

Cookies consist of a name-value pair and optional attributes. The attributes can include the expiration time, path, domain, and security settings for the cookie. When a user visits a website, the server can set cookies by sending HTTP headers to the user's browser. The browser then stores these cookies and includes them in subsequent requests to the same website.


It's important to note that cookies are specific to a particular website domain and can only be accessed by the same domain that created them. This helps maintain user privacy and prevents cross-site scripting vulnerabilities.


While cookies offer valuable functionality, they also raise privacy concerns. Some users may prefer to manage or disable cookies through browser settings or use privacy-enhancing tools and browser extensions. Website owners are also obligated to follow applicable privacy laws and regulations regarding the use of cookies and inform users about their cookie practices through privacy policies.


How to Create HTTP Cookies?

So far, we have covered what HTTP cookies are and how they address the issue of connectionless communication in HTTP.


Now, let's explore how we can create and store cookies in a user's browser. The values stored in these cookies can serve various purposes depending on the website's requirements. Here's an example code snippet to create cookies:

<?php
// Set the cookie name
$cname = "Web_user1";
// Set the cookie value
$cvalue = "Amita";
// Set the cookie; it expires 3600 seconds (1 hour) from the current time
setcookie($cname, $cvalue, time() + 3600);
?>

The above code will set the cookie in the user's system. The setcookie function is used to set the cookie, and its syntax is as follows:

setcookie(cookieName, cookieValue, cookieLife) 

Among these parameters, only cookieName is mandatory, while the others are optional. cookieLife specifies how long the cookie will be stored in the browser; it is passed as an expiry time in seconds, which is why the example adds the lifetime to time(). In the example above, the lifetime is set to 3600, which means the cookie will remain in the user's browser for 1 hour.

Now let's see how to use the cookie:

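<?php
// Same cookie name that was passed to setcookie()
$cname = "Web_user1";
// $_COOKIE is filled from the request, so the value appears on the next page load
if (!isset($_COOKIE[$cname])) {
    echo "Please set '" . $cname . "'";
} else {
    // Cookie values are sent by the client, so escape them before output
    echo "Cookie name is '" . htmlspecialchars($_COOKIE[$cname], ENT_QUOTES, 'UTF-8') . "'";
}
?>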

The above code will output the value of cookieName that was passed as a parameter through the setcookie function. The isset function checks if the variable has been assigned a value. For the given code, the output will be:

Cookie name is 'Amita'

By utilizing cookies, websites can store and retrieve data from the user's browser, enabling personalized experiences and facilitating various functionalities based on the stored information.


Inspect HTTP Cookies with the browser

If you're curious about where cookies are stored in your browser and how you can access them, let me walk you through the process. But before that, it's important to note that websites cannot store cookies in your browser without your consent. Now, let me show you how to locate and view cookies in your browser.



In the provided image, you can see that some cookies have been stored in the browser. The image corresponds to the Firefox browser, and I will explain how you can find and view cookies in Mozilla Firefox.


Follow the steps below to access the screen that resembles the one shown above:

Step 1: Click on the three parallel lines located at the top right corner of the Firefox window.

Step 2: From the drop-down menu, select the "Web Developer" option.

Step 3: In the Web Developer submenu, choose "Storage Inspector."

Step 4: A new tab or panel will open, displaying various storage options. Find the website name for which you want to view the cookies and click on it.


By following these steps, you will be able to access the storage inspector in Firefox and view the cookies stored by specific websites. It allows you to see the details and values associated with those cookies.


HTTP Cookies path

The path of an HTTP cookie refers to the location on the server where the cookie is stored. In order for web pages to access the cookies, they must be within the specified subdirectory. By default, cookies are set at the global location, making them accessible to all pages. The following code sets a global cookie:

document.cookie = 'foo=bar; path=/';

To set a cookie in a specific subdirectory, use the following code. It is important to be cautious when setting the cookie path because pages at a higher level in the folder hierarchy will not be able to access the cookie.

document.cookie = 'foo=bar; path=/subfolder';

For example, a page at www.xyz.com/randompage1 will not be able to access the cookie, while a page at www.xyz.com/subfolder/randompage1 will have access to it. If the path is not set, the cookie will be global and accessible on every page.
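The matching rule behind this example, written out as an added sketch (not code from the original article): a cookie's path covers a request path only on a "/" boundary, as described in RFC 6265 section 5.1.4. The function names and the sample jar are constructed for illustration.

```javascript
// Added example: RFC 6265 section 5.1.4 path matching, as browsers apply it
// when deciding whether a cookie accompanies a request.
function pathMatches(cookiePath, requestPath) {
  if (cookiePath === requestPath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  // A prefix match only counts on a "/" boundary, so "/subfolder"
  // does not cover "/subfolder-old".
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// Constructed sample jar: one site-wide cookie, one scoped to /subfolder.
const jar = [
  { name: "lang", path: "/" },
  { name: "foo", path: "/subfolder" },
];

// Names of the cookies that would be sent with a request for requestPath.
function cookiesFor(requestPath, cookies = jar) {
  return cookies.filter((c) => pathMatches(c.path, requestPath)).map((c) => c.name);
}

console.log(cookiesFor("/randompage1"));
console.log(cookiesFor("/subfolder/randompage1"));
console.log(cookiesFor("/subfolder-old/page"));
```

Path scoping decides which requests carry the cookie; RFC 6265 section 8.5 notes that it cannot be relied on to isolate pages of the same site from one another.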


HTTP Cookies security

Cookies contain sensitive data for websites and should be kept confidential. HTTP request headers, also known as HTTP packets, are used to provide security to cookies. There are specific attributes that can enhance cookie security:


1. HttpOnly: This attribute makes the cookie accessible only from the host that has stored it in the browser. It prevents the cookie from being accessed using document.cookie in JavaScript. For the same reason, a script cannot set it: the server sends the attribute in the Set-Cookie response header.

Set-Cookie: foo=bar; HttpOnly

2. Secure: This attribute makes the cookie inaccessible to websites that are transmitting data without encryption. It requires the communication between the browser and server to be encrypted using SSL/TLS. URLs starting with https:// can use secure cookies, while those with http:// cannot.

document.cookie = 'foo=bar; Secure;';
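A check that can be run over response headers to confirm the attributes above are present, added here as an example (not code from the original article). The function names and the sample headers are constructed.

```javascript
// Added example: parse a Set-Cookie header value into its name-value pair
// and attributes, then report weak or missing attributes.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim()).filter(Boolean);
  const eq = pair ? pair.indexOf("=") : -1;
  if (eq < 1) return null; // no name=value pair: RFC 6265 says to ignore it
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs: {} };
  for (const attr of attrs) {
    const i = attr.indexOf("=");
    // Attribute names are case-insensitive; HttpOnly and Secure carry no value.
    const key = (i === -1 ? attr : attr.slice(0, i)).trim().toLowerCase();
    cookie.attrs[key] = i === -1 ? true : attr.slice(i + 1).trim();
  }
  return cookie;
}

function auditSetCookie(header) {
  const cookie = parseSetCookie(header);
  if (!cookie) return ["unparseable header"];
  const findings = [];
  if (!cookie.attrs.httponly) findings.push("no HttpOnly: readable through document.cookie");
  if (!cookie.attrs.secure) findings.push("no Secure: also sent over unencrypted http://");
  const path = cookie.attrs.path;
  if (typeof path === "string" && !path.startsWith("/")) {
    // RFC 6265 5.2.4: a Path value not starting with "/" is replaced by the default path.
    findings.push("Path " + path + " does not start with /: browser uses the default path");
  }
  return findings;
}

// Constructed sample headers, not captured from a real site.
const samples = [
  "Web_user1=Amita; Max-Age=3600",
  "sid=abc123; Path=/; Secure; HttpOnly",
  'foo=bar; path="/"',
];
for (const h of samples) console.log(h, "->", auditSetCookie(h));
```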

Conclusion

Cookies are essential pieces of code used to set values in the browser that can be later used for information gathering or security purposes. The use of cookies is increasing due to security concerns, and modern websites store cookies extensively to understand user interactions.
