Wednesday, 1 August 2012

An Introduction to Cookies

You might have heard about cookies, but what exactly are they and what can we actually do with them? In this tutorial, we will focus on the basics of cookies, and learn about their functionality in various web application and site environments.

Step 1. Understanding Cookies

Abstract


You can most easily think of cookies as text files, which are saved to your computer. On the request of a web server, your browser creates such a file. After this happens, the webserver can read and write content from and to this file. Although this seems like a dangerous feature – after all, no one likes other people writing files to their computer, there are a few restrictions in place to make this process as safe as possible.
  • Web servers can only access cookies which are set to their own domain. This domain is set by the browser when a new cookie is requested by the web server, and can only be the domain or a subdomain of the web server (the web server can choose a subdomain if it wants to). This means that cookies which were set by, for example, google.com can’t be read by mozilla.com, and vice versa.
  • According to the HTTP protocol, cookies can’t be larger than 4096 Bytes (4 KB) each.
  • There is a limit to the number of cookies per domain. The number differs per browser, however, the generally used limit is twenty cookies. This is to prevent a single domain from hogging the disk space of the client.
  • There is a limit to the total number of cookies on the client’s hard drive. This number also differs per browser, but is usually limited to around three hundred cookies. When this number is exceeded, an older cookie is deleted before a new one is created.
Cookies have an expiration date. This date is set so the browser can delete old cookies when they are no longer needed by the webserver. If the expiration date is empty, the cookie will be deleted when the connection with the server is closed. This occurs when the site’s window or tab is closed by the user, or when the user closes the entire browser. These cookies, sometimes called session cookies, are mostly used for storing temporary settings.

Technical

Let’s find out what these things look like on a technical level. Cookies are transferred via the HTTP protocol. This is the protocol used by browsers to retrieve and send files to the server. After a cookie has been requested, it is sent to the server every time a new item on the web page is fetched by the browser. Below, we can see a snippet of a server requesting a new cookie (this snippet is a part of a HTTP response).
Set-Cookie:Name =content data; expires=Fri, 31-Dec-2010 23:59:59 GMT; path=/;domain=.example.net  
Now don’t get scared, it’s all very understandable!
  • Set-Cookie: is to let the browser know that the server would like to create a new cookie.
  • Name is the name of the cookie. Each cookie in a domain must have a different name, so the browser can keep all the cookies apart. After the name comes the =content data where ‘content data’ is the data which is to be contained in the cookie. This data can be a text string or a number, and, as said, can be up to 4KB in size.
  • expires= is the command for the expiration date. The expiration date is in the “Wdy, DD-Mon-YYYY HH:MM:SS GMT” format (Don’t ask me why it was defined to this ridiculous format, because I don’t know either. No user ever sees the expiration date, so why waste memory, hard disc space, and bandwidth on long dates?). Don’t worry about it though, because most programming languages have easy to use functions available to you. The browser automatically deletes cookies with an expiration date in the past.
  • The domain and path require some deeper explanation. The domain is the domain in which the cookie will be active. If the domain is ‘ads.google.com,’ the cookie will only be sent to the server of that domain, and if the domain is ‘google.com,’ the cookie will be sent to any server of any of the subdomains of Google, including google.com itself.
  • The path is the path of the domain to which the cookie is sent. This means that, if the path is set to ‘/images/,’ and the domain is set to ‘ads.google.com,’ the cookie will only be sent to the server if the browser requests a file from ‘ads.google.com/images/’. If the path is set to ‘/’, the cookie will be sent to the server regardless of the location of the requested file on the server.

Here you go. I think this article will help you out in understanding basic information about cookies.Soon i will be providing some steps for the creation of cookies so till then hang on guys. 
All the Best

No comments:

Post a Comment