Almost all of us are familiar with the term “COOKIES”. We
use this term quite often when we access the World Wide Web. Sadly, most of us
are not aware of the exact meaning and the functioning of cookies. This guide
will help you understand what cookies are all about.
But before
starting with our discussion on cookies, it is of utmost importance to know how
exactly the World Wide Web works. So, we will start with understanding what
happens actually when we type a URL (Uniform Resource Locator) on a browser’s
window. Let’s take up an example. Suppose you type http://www.itu.org/home/index.html. (Here, http
refers to the protocol name; www.itu.org
refers to the machine where the required file named home/index.html is
located).
Firstly,
the browser determines the URL. The browser then asks DNS (Domain Name System,
which does the mapping of the URL name and its corresponding IP address) for
the IP address of www.itu.org. Suppose DNS replies with an IP address of
156.106.192.32. Now, the browser makes a TCP connection to port 80 on
156.106.192.32. It then sends a request for the file /home/index.html. The www.itu.org
server sends the file /home/index.html.
Then the TCP connection is released. The browser now displays all the text in /home/index.html and fetches and
displays all images in this file.
So what are Cookies?
Now,
as we have seen, all that happens with the Web is a request and response sharing
between the browser and the server. After sending the file, the server forgets
everything about the client (the machine using the browser). No login sessions
are involved. In other words, the server does not keep any information about
the client. This phenomenon is known as statelessness.
But,
it is not the case with all the websites. Some websites are better functioned
if the server is informed about the client. An example can be e-commerce. When
the users keep on tossing items on to their cart time by time, the server must
keep track of the contents of each user’s cart. Another example is a Web portal
like Yahoo which allows users signing up.
One
might think that this can be done quite easily by the server tracking down the
IP addresses of the clients. But, life’s not that easy at times. Many users now
work on shared computers at companies. Here the IP address refers to the
machine, not the user. Also, in today’s world, almost all the companies work as
a single IP address from the point of view of the outside world. So, there is
no way a server can identify which user is using which machine. The solution to
the problem is Cookies.
To put
in simpler words, we can say, Cookies are the files which stores the
information about a client/ clients.
Acquiring Cookies
Now
let us focus on the generation of cookies. When a client requests a Web page,
the server, along with the Web page can send some additional information too.
This information may
include
a cookie. A cookie is a small file, of about 4kb. The cookies thus received by
the browser are stored in a cookie directory on a client’s hard disk (provided
that the client has not disabled them). Cookies are just files, not executable
programs. See Fig 1-1 below.
Physical Representation
A
cookie may contain a maximum of 5 fields. See the figure below for an example:
Domain
|
Path
|
Content
|
Expires on/at
|
Secure?
|
To
understand the figure clearly, let us take up some real time examples (the
theoretical/numerical data are assumed just for the sake of better
understanding, these may be incorrect from the actual point of view).
Domain
|
Path
|
Content
|
Expires on/at
|
Secure?
|
yahoo.com
|
/
|
Cust_ID=431433
|
23-12-14 03:00
|
Yes
|
flipcart.com
|
/
|
Cart=1-0932;1-23
|
12-01-19 17:30
|
No
|
irctc.com
|
/
|
User ID=234521
|
20-05-22 12:00
|
Yes
|
Fig 1-2. Some examples of cookies.
The Domain
field refers to the domain (server) from where the cookie came from.
The Path
field denotes a path in the server’s directory structure that identifies which
parts of the server’s file tree may use the cookie. It is often ‘/’ which
denotes the entire tree.
The Content
field is of the form name=value. Both
the name and the value can be anything which the server decides.
The Expires
on/at field determines the expiry date and time of the cookie. This
field may or may not be present. If it is absent, the browser simply discards
the cookie upon exit. Such a cookie is often called as a non-persistent cookie.
If the field is present, the cookie is said to be persistent and is kept until
it expires. The time zone used here is Greenwich Mean Time.
To
remove a cookie from the client’s hard disk, the server just sends the cookie
all over again with expiration field with a past time/date.
The Secure
field is set to indicate that the browser may only return the cookie to a
secure server. It has just two values, yes
and no. If yes, the browser sends the
cookie only to a domain name starting with https://
(indicating
secure HTTP).
So how are cookies used?
Now that we are done with how cookies
are generated by the server and sent back to the browser, it is now time to
discuss how these cookies are used by the browser.
As stated earlier, the browser stores
the cookie (file) in a cookie directory on the client’s machine. Now, using
cookies won’t alter the mechanism of WWW (as discussed in 1.1) in any manner.
But a minor change is very much
acceptable. This is discussed here. In a normal stateless scenario, the browser
requests for a file to the server and server responds with that file. But,
using cookies will play a role in the former part. Before a browser sends a
request for a page to some Website, it checks its cookie directory to see if
any cookie has been previously sent by the same Website to the particular
client. In more technical terms, we can say, the browser, before requesting a
file from a website, checks its cookie directory to see if there is any cookie
already present with the Domain field
occupied by the same domain as the current server to which request is being
made.
If
so, along with the request for the file, the browser also sends the cookies
placed by the domain to the server. When these cookies reach the server, the
server can do whatever it wishes to with the cookie.
--------------------------------------------------------------------------------------
0 comments:
Post a Comment