Sunday, September 16, 2012

Learn About Cookies

Almost all of us are familiar with the term "cookies". We use it quite often when we access the World Wide Web. Sadly, most of us are not aware of the exact meaning and functioning of cookies. This guide will help you understand what cookies are all about.

But before starting with our discussion on cookies, it is of utmost importance to know how exactly the World Wide Web works. So, we will start with understanding what happens actually when we type a URL (Uniform Resource Locator) on a browser’s window. Let’s take up an example. Suppose you type (Here, http refers to the protocol name; refers to the machine where the required file named home/index.html is located).

Firstly, the browser determines the URL. The browser then asks DNS (Domain Name System, which does the mapping of the URL name and its corresponding IP address) for the IP address of Suppose DNS replies with an IP address of Now, the browser makes a TCP connection to port 80 on It then sends a request for the file /home/index.html. The server sends the file /home/index.html. Then the TCP connection is released. The browser now displays all the text in /home/index.html and fetches and displays all images in this file.

So what are Cookies?
Now, as we have seen, all that happens on the Web is an exchange of requests and responses between the browser and the server. After sending the file, the server forgets everything about the client (the machine using the browser). No login sessions are involved. In other words, the server does not keep any information about the client. This property is known as statelessness.

But this does not suit all websites. Some websites work better if the server knows something about the client. One example is e-commerce: when users keep adding items to their cart over time, the server must keep track of the contents of each user's cart. Another example is a Web portal like Yahoo, which allows users to sign up.
One might think that the server could do this quite easily by tracking the IP addresses of its clients. But life is not that easy at times. Many users now work on shared computers at companies. Here the IP address refers to the machine, not the user. Also, in today's world, almost every company appears as a single IP address from the point of view of the outside world. So, there is no way a server can identify which user is using which machine. The solution to the problem is cookies.

To put it in simpler words, cookies are files that store information about a client or clients.


Acquiring Cookies
Now let us focus on the generation of cookies. When a client requests a Web page, the server can send some additional information along with the Web page. This information may include a cookie. A cookie is a small file, of about 4 KB. The cookies received by the browser are stored in a cookie directory on the client's hard disk (provided that the client has not disabled them). Cookies are just files, not executable programs. See Fig 1-1 below.

Physical Representation
A cookie may contain a maximum of 5 fields. See the figure below for an example:
[Figure: the five fields of a cookie: Domain, Path, Content, Expires on/at, Secure]

To understand the figure clearly, let us take some real-world examples (the data shown is assumed purely for the sake of better understanding and may not match actual values).

[Fig 1-2. Some examples of cookies. Values surviving from the figure: Content "User ID=234521"; Expires on/at "23-12-14 03:00", "12-01-19 17:30", "20-05-22 12:00".]

The Domain field refers to the domain (server) from which the cookie came.

The Path field denotes a path in the server’s directory structure that identifies which parts of the server’s file tree may use the cookie. It is often ‘/’ which denotes the entire tree.

The Content field is of the form name=value. Both the name and the value can be anything which the server decides.

The Expires on/at field determines the expiry date and time of the cookie. This field may or may not be present. If it is absent, the browser simply discards the cookie upon exit. Such a cookie is often called a non-persistent cookie. If the field is present, the cookie is said to be persistent and is kept until it expires. The time zone used here is Greenwich Mean Time.
To remove a cookie from the client's hard disk, the server just sends the cookie again with the expiration field set to a past date and time.

The Secure field is set to indicate that the browser may only return the cookie to a secure server. It has just two values, yes and no. If yes, the browser sends the cookie only in requests to URLs starting with https:// (indicating secure HTTP).

So how are cookies used?
Now that we are done with how cookies are generated by the server and sent to the browser, it is time to discuss how the browser uses them.
As stated earlier, the browser stores the cookie (file) in a cookie directory on the client's machine. Using cookies does not alter the basic mechanism of the WWW (as discussed in 1.1).
There is one minor change, however. In a normal stateless scenario, the browser requests a file from the server and the server responds with that file. Cookies play a role in the first part. Before a browser sends a request for a page to some website, it checks its cookie directory to see whether that website has previously sent any cookie to this client. In more technical terms, before requesting a file from a website, the browser checks its cookie directory for any cookie whose Domain field matches the domain of the server to which the request is being made.
If so, along with the request for the file, the browser also sends the cookies placed by that domain to the server. When these cookies reach the server, the server can do whatever it wishes with them.
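
The store-and-return behaviour described above, as an added example that is not part of the original article: a minimal cookie jar in JavaScript that models the five fields (Domain, Path, Content, Expires on/at, Secure). The class name, the `shop.example` host and the cookie values are constructed for illustration, and real browsers apply further rules.

```javascript
// Minimal cookie jar modelling the five fields described in the article:
// Domain, Path, Content (name=value), Expires on/at, Secure.
// Simplification (assumption): Domain is always the host that set the cookie.
class CookieJar {
  constructor() { this.cookies = new Map(); }

  // Store a cookie from a Set-Cookie header received from `requestHost`.
  store(requestHost, header, now = new Date()) {
    const [content, ...attrs] = header.split(';').map(s => s.trim());
    const eq = content.indexOf('=');
    if (eq < 1) return;                          // no name=value: ignore
    const c = { name: content.slice(0, eq), value: content.slice(eq + 1),
                domain: requestHost.toLowerCase(), path: '/',
                expires: null, secure: false };  // no Expires => non-persistent
    for (const attr of attrs) {
      const i = attr.indexOf('=');
      const key = (i < 0 ? attr : attr.slice(0, i)).toLowerCase();
      const val = i < 0 ? '' : attr.slice(i + 1);
      if (key === 'path' && val.startsWith('/')) c.path = val;
      else if (key === 'expires' && !isNaN(Date.parse(val))) c.expires = new Date(val);
      else if (key === 'secure') c.secure = true;
    }
    const id = `${c.domain}|${c.path}|${c.name}`;
    // Re-sending a cookie with a past expiry time is how the server deletes it.
    if (c.expires && c.expires <= now) this.cookies.delete(id);
    else this.cookies.set(id, c);
  }

  // Build the Cookie request header the browser would send for `url`.
  headerFor(url, now = new Date()) {
    const u = new URL(url);
    const out = [];
    for (const [id, c] of this.cookies) {
      if (c.expires && c.expires <= now) { this.cookies.delete(id); continue; }
      if (c.domain !== u.hostname) continue;               // Domain field
      const p = c.path.endsWith('/') ? c.path : c.path + '/';
      if (!(u.pathname + '/').startsWith(p)) continue;     // Path field
      if (c.secure && u.protocol !== 'https:') continue;   // Secure field
      out.push(`${c.name}=${c.value}`);
    }
    return out.join('; ');
  }
}

// Constructed demo: a Secure cookie is withheld from a plain-HTTP request.
const demo = new CookieJar();
demo.store('shop.example', 'UserID=234521; Path=/; Secure');
console.log(JSON.stringify(demo.headerFor('http://shop.example/home/index.html')));
console.log(JSON.stringify(demo.headerFor('https://shop.example/home/index.html')));
```
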
