EDUCBA

Home Software Development Software Development Tutorials Software Development Basics HTTP Cookies

HTTP Cookies

Priya Pedamkar
Article byPriya Pedamkar

HTTP Cookies

Introduction to HTTP Cookies

  • Here we will be learning about Http cookies. Well, before we move ahead to learn cookies, we must understand what Http is. Http is a protocol that facilitates client-server communication. It is a connectionless protocol, and here is exactly where the use of cookies comes in.
  • The term connectionless means, once the data gets exchanged between client and server, none of them could remember what they had exchanged; last, the website admins could not understand the actions or surfing nature of the visitors. Now we will see how cookies get implemented and how does it works.
  • Cookies can be defined as the data that is stored by the server in the browser through which the web application was accessed. Once the connection is established between the client and the server, the client sends the request to the server, and based on the response; some data has been saved in the browser. There are several purposes for storing the cookies in the client’s browser; it could ensure authentication, understand the user’s behaviour, and so on.
  • Sometimes it’s also called browser cookies. Commonly it is also known as web cookies, but preferably, people recall it by the term cookies only. In a modern time when e-commerce is booming all across the world, the importance of cookies got magnified. It helps the business understand what the users are looking for and how likely they are to buy something.
  • Social media websites make very efficient use of cookies to enforce a good user experience and to protect their system from getting abused.

Create HTTP Cookies

Now we are aware of what HTTP cookies are and how it works to mitigate the HTTP connectionless problem. This section will learn how we can create cookies and store them in the user’s browser. The stored values in the browser could be used for various purposes based on the website’s requirements. Below is the code to create the cookies.

 

 

<?php
// to set the cookie name
$cname = "Web_user1";
//to set the cookies value
$cvalue = "Amit Roy";
// to set the cookies.
setcookie($cname, $cvalue, time() + ( 3600));
?>

Start Your Free Software Development Course

Web development, programming languages, Software testing & others

The above code will set the cookies in the user’s system. setcookie is the method that is used actually to set the cookie. The syntax of the setcookie method is below:

setcookie(cookieName, cookieValue, cookielife)

In the above parameters, only the cookieName is mandatory; else, the remaining are optional. Cookielife is the time till when the cookie will be stored in the browser. It is calculated in seconds. In the above example, its values are 3600, which means it will remain in the user’s browser for 1 hour.

Now let’s see how to use the cookie.

<?php if(!isset($_COOKIE[$cookieName)) {
echo "Please set '". $cookieName;
}
else
{
}
?>
echo "Cookie name is '". $cookie_name;

The above code will echo the cookieName value that was sent as a parameter through the setcookie function. The issue function checks if the variable has been assigned with some value. For the above code, below will be the output.

The cookie name is Amit Roy.

Inspect HTTP Cookies with the browser

Now there is probably a high chance that you might be thinking if the cookies are stored in the browser, then where can you see this. Well, I will show you but before that, let me tell you that any website cannot store cookies in your browser without your cookie consent. Now let me show you where can you locate the cookies or the valued store by its mean.

HTTP Cookie1

In the above picture, you will be able to see that the website had stored some cookies in my browser. The image is of the Firefox browser, and I will tell you how you can locate cookies in Mozilla Firefox. You can follow the below steps to reach the screen that looks like the above one.

Step 1. Click on the three parallel lines at the top right of the page.

Step 2. Click on the Web developer option.

Step 3. Click on Storage Inspector.

Step 4. Click on the website name for which you want to see the cookies.

HTTP Cookies path

The cookie’s path is the location in the server where the cookies are stored. In order to let the web pages access the cookies, the web pages must come under the subdirectory. By default, the cookie gets set at the global location from where all the pages could access it. Below is the code that can be used to set the global cookie.

document.cookie = 'foo=bar; path="/"’

In order to set the cookie in any subdirectory, you can use the below code. We have to be very careful while setting the cookie path as the pages that are a level up from the folder will not be able to access the cookies.

document.cookie = 'foo=bar; path="/subfolder”’

For instance, the page www.xyz.com/randompage1 will not be able to access the cookie, while the page www.xyz.com/subfolder/randompage1 will be able to access it. If you don’t set the path, it will make the cookies global and could be accessible by every page.

HTTP Cookies security

  • Cookies are considered very crucial data for any website and are subject to kept confidential. There are headers in the HTTP request, which are usually called HTTP packets which are used to provide security to the cookie.
  • There is an attribute, httponly, which makes the cookie accessible only from the host that has stored the cookies in the browser. It could not let the cookies to be pulled using the document. Cookie together with javascript.
  • document.cookie = ‘foo=bar; Secure;’// It will make the cookie inaccessible by the websites that are not transmitting the data without encryption. In simple terms, the communication between the browser and server must be encrypted by SSL/TSL. Url starting with https could be able to use it while the one with HTTP cannot.
  • document.cookie = ‘foo=bar; httponly;// By using httponly attribute, the cookies could be made inaccessible locally. It must need the request from the server in order to transmit the values set by cookies.

Conclusion

In a quick summary, cookies are considered the set of code used to set some values to the browser that could be used the letter to gather information or ensure security. The use of cookies is increasing day by day due to security concerns. All modern websites vigorously store cookies in their user’s systems so that they can understand how the user interacts with them.

Recommended Articles

This has been a guide to HTTP Cookies. Here we discuss an introduction, creation of cookies, cookie path, cookie security. You can also go through our other suggested articles to learn more –

  1. What is a Cyber Attack?
  2. What is Cyber Security?
  3. HTTP Caching
  4. Cookies in JSP