
Cookies

Cookies are small pieces of data stored on a user's device by a web browser. They are used to remember information about the user, such as login sessions, preferences, or tracking data. The browser sends the matching cookies back to the server with every subsequent HTTP request, allowing the server to maintain stateful interactions with the client over an otherwise stateless protocol.


Key Features of Cookies

  1. Size Limit: Typically limited to 4KB per cookie.

  2. Scope: Cookies are associated with a specific domain and path.

  3. Expiration: Cookies can have an expiration date (persistent cookies) or expire when the browser is closed (session cookies).

  4. Security: Cookies can be secured using flags like HttpOnly, Secure, and SameSite.


How Cookies Work

  1. Server Sends a Cookie:

    • The server includes a Set-Cookie header in the HTTP response to create a cookie.

    • Example:

      HTTP/1.1 200 OK
      Set-Cookie: username=JohnDoe; Path=/; Expires=Wed, 01 Jan 2025 00:00:00 GMT; HttpOnly; Secure
  2. Browser Stores the Cookie:

    • The browser stores the cookie and sends it back to the server with every subsequent request to the same domain and path.

    • Example:

      GET /dashboard HTTP/1.1
      Cookie: username=JohnDoe
  3. Server Reads the Cookie:

    • The server reads the cookie from the Cookie header in the request and uses it to identify the user or retrieve stored data.


Attribute   Description
Name        The name of the cookie (e.g., username).
Value       The data stored in the cookie (e.g., JohnDoe).
Expires     Sets an expiration date for the cookie (e.g., Expires=Wed, 01 Jan 2025 00:00:00 GMT).
Max-Age     Sets the cookie's lifetime in seconds (e.g., Max-Age=3600 for 1 hour).
Domain      Specifies the domain for which the cookie is valid (e.g., Domain=example.com).
Path        Specifies the path for which the cookie is valid (e.g., Path=/dashboard).
Secure      Ensures the cookie is only sent over HTTPS (e.g., Secure).
HttpOnly    Prevents client-side scripts from accessing the cookie (e.g., HttpOnly).
SameSite    Restricts the cookie from being sent in cross-site requests (e.g., SameSite=Strict).


Examples of Cookies

Example 1: Session Cookie

A session cookie that expires when the browser is closed:

Example 2: Persistent Cookie

A persistent cookie with an expiration date:

Example 3: Cookie with SameSite Attribute

A cookie that is only sent in first-party contexts:


Using Cookies in JavaScript

Setting a Cookie

Reading a Cookie

Deleting a Cookie

Set the expiration date to a past date:


Common Use Cases for Cookies

  1. Session Management:

    • Store session IDs to keep users logged in.

    • Example:

  2. Personalization:

    • Remember user preferences (e.g., theme, language).

    • Example:

  3. Tracking:

    • Track user behavior for analytics or advertising.

    • Example:


Security Best Practices for Cookies

  1. Use HttpOnly:

    • Prevents client-side scripts from accessing the cookie.

    • Example:

  2. Use Secure:

    • Ensures the cookie is only sent over HTTPS.

    • Example:

  3. Use SameSite:

    • Prevents the cookie from being sent in cross-site requests.

    • Example:

  4. Set Expiration Dates:

    • Use short expiration times for sensitive cookies.

  5. Avoid Storing Sensitive Data:

    • Do not store passwords or credit card information in cookies.


A secure session cookie:
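As an added example, not code from the original page, the following Node.js snippet parses a Set-Cookie header into the attributes listed in the table above and audits it against the best practices in this section, then builds a session cookie that passes the same checks. The 24-hour lifetime threshold and the cookie name sid are assumptions chosen for this example.

```javascript
// Added example, not code from the original page. Runs under Node.js; no browser needed.
// Parses a Set-Cookie header into name/value/attributes and audits it against the
// best practices above. Values marked "assumption" are choices made for this example.

function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attributes: {} };
  for (const attr of attrs) {
    const i = attr.indexOf('=');
    // Attribute names are case-insensitive; flags such as Secure carry no value.
    const key = (i === -1 ? attr : attr.slice(0, i)).toLowerCase();
    cookie.attributes[key] = i === -1 ? true : attr.slice(i + 1);
  }
  return cookie;
}

// Returns a list of findings; an empty list means the cookie passes every check.
function auditSessionCookie(header) {
  const a = parseSetCookie(header).attributes;
  const findings = [];
  if (!a.secure) findings.push('missing Secure');
  if (!a.httponly) findings.push('missing HttpOnly');
  const sameSite = typeof a.samesite === 'string' ? a.samesite.toLowerCase() : null;
  if (!sameSite) findings.push('missing SameSite');
  else if (sameSite === 'none' && !a.secure) findings.push('SameSite=None requires Secure');
  // Assumption for this example: a session cookie should not outlive 24 hours.
  const MAX_SESSION_AGE = 24 * 60 * 60;
  if (a['max-age'] !== undefined && Number(a['max-age']) > MAX_SESSION_AGE) findings.push('Max-Age too long');
  if (a.expires !== undefined && Date.parse(a.expires) - Date.now() > MAX_SESSION_AGE * 1000) findings.push('Expires too far ahead');
  return findings;
}

// Builds a session cookie that satisfies the audit. The name "sid" is an assumption.
function buildSessionCookie(sessionId, maxAgeSeconds = 3600) {
  if (!/^[A-Za-z0-9_-]+$/.test(sessionId)) throw new Error('session id must be URL-safe');
  return `sid=${sessionId}; Path=/; Max-Age=${maxAgeSeconds}; Secure; HttpOnly; SameSite=Strict`;
}

// Constructed sample input: the Set-Cookie header from the "How Cookies Work" section.
const SAMPLE = 'username=JohnDoe; Path=/; Expires=Wed, 01 Jan 2025 00:00:00 GMT; HttpOnly; Secure';
console.log(auditSessionCookie(SAMPLE));                       // [ 'missing SameSite' ]
console.log(auditSessionCookie(buildSessionCookie('abc123'))); // []
```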


Summary

  • Cookies are small pieces of data stored on the user's device by the browser.

  • They are used for session management, personalization, and tracking.

  • Cookies can have attributes like Expires, HttpOnly, Secure, and SameSite to enhance security.

  • Always follow security best practices when using cookies to protect user data.
