Cookies
Cookies are a general mechanism that server-side connections can use to both store and retrieve information about the client side of the connection. Cookies can contain any piece of textual information, within an overall size limit per cookie of 4 | . Cookies have the following attributes:
| Name: The name of the cookie.
|
| Value: The data that the server wants passed back to it when a browser requests another page.
|
| Domain: The address of the server that sent the cookie and that receives a copy of this cookie when the browser requests a file from that server. The domain can be set to equal the subdomain that contains the server so that multiple servers in the same subdomain receive the cookie from the browser.
|
| Path: Used to specify the subset of URLs in a domain for which the cookie is valid.
|
| Expires: Specifies a date string that defines the valid lifetime of that cookie.
|
| Secure: Specifies that the cookie is only sent if HTTP communication is taking place over a secure channel (known as HTTPS).
|
A cookie's life cycle proceeds as follows:
| The user gets connected to a server that wants to record a cookie.
|
| The server sends the name and the value of the cookie in the HTTP response.
|
| The browser receives the cookie and stores it.
|
| Every time the user sends a request for a URL at the designated domain, the browser sends any cookies for that domain that have not expired with the HTTP request.
|
| When the expiration date has been passed, the cookie crumbles.
|
Non-persistent cookies are created without an expiry date-they will only last for the duration of the user's browser session. Persistent cookies are set once and remain on the user's hard drive until the expiration date of the cookie. Cookies are widely used in dynamic Web applications, which we address later in this chapter, for associating a user with server-side state information.
More information about cookies can be found at:
http://www.cookiecentral.com/faq