
Does every web request send the browser cookies?

Tags:

cookies

Does every web request send the browser's cookies?

I'm not talking page views, but a request for an image, .js file, etc.

Update: If a web page has 50 elements, that is 50 requests. Why would it send the SAME cookie(s) for each request? Doesn't it cache or know it already has it?

mrblah asked Aug 26 '09 16:08




2 Answers

Yes, as long as the URL requested is within the same domain and path defined in the cookie (and all of the other restrictions -- secure, httponly, not expired, etc) hold, then the cookie will be sent for every request.

Ian Clelland answered Sep 21 '22 15:09


As others have said, if the cookie's host, path, etc. restrictions are met, it'll be sent, 50 times.

But you also asked why: because cookies are an HTTP feature, and HTTP is stateless. HTTP is designed to work without the server storing any state between requests.

In fact, the server doesn't have a solid way of recognizing which user is sending a given request; there could be a thousand users behind a single web proxy (and thus IP address). If the cookies were not sent with every request, the server would have no way to know which user is requesting whatever resource.

Finally, the browser has no clue if the server needs the cookies or not; it just knows the server instructed it to send the cookie for any request to foo.com, so it does so. Sometimes images need them (e.g., dynamically-generated per-user), sometimes not, but the browser can't tell.

derobert answered Sep 19 '22 15:09
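
The matching rules both answers describe, as an added example that is not part of the original answers: a simplified RFC 6265 check (SameSite and public-suffix handling omitted) that decides which cookies in a constructed jar are attached to each request. The function names, the jar contents and the hosts `static.foo.com` and `cdn.example.net` are assumptions made for illustration.

```javascript
// Added example: RFC 6265 cookie matching, simplified (no SameSite, no public-suffix checks).
// The cookie jar and request URLs below are constructed sample data.

// RFC 6265 section 5.1.3: host equals the cookie domain, or is a subdomain of it.
function domainMatches(host, cookie) {
  const domain = cookie.domain.toLowerCase();
  host = host.toLowerCase();
  if (host === domain) return true;
  // Host-only cookies (no Domain attribute was set) require an exact host match.
  return !cookie.hostOnly && host.endsWith("." + domain);
}

// RFC 6265 section 5.1.4: cookie path is a prefix of the request path on a "/" boundary.
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

function shouldSend(cookie, requestUrl, now = Date.now()) {
  const url = new URL(requestUrl);
  if (!domainMatches(url.hostname, cookie)) return false;
  if (!pathMatches(url.pathname, cookie.path)) return false;
  if (cookie.secure && url.protocol !== "https:") return false;
  if (cookie.expires !== null && cookie.expires <= now) return false;
  // HttpOnly is deliberately not checked: it hides the cookie from script
  // (document.cookie) but does not change whether it goes out over HTTP.
  return true;
}

// Build the Cookie header value a browser would attach to one request.
function cookieHeader(jar, requestUrl, now = Date.now()) {
  return jar.filter(c => shouldSend(c, requestUrl, now))
            .map(c => `${c.name}=${c.value}`).join("; ");
}

const NOW = Date.UTC(2024, 0, 1);
const jar = [
  { name: "sid", value: "abc", domain: "foo.com", hostOnly: false, path: "/", secure: true, httpOnly: true, expires: null },
  { name: "cart", value: "7", domain: "foo.com", hostOnly: true, path: "/shop", secure: false, httpOnly: false, expires: null },
  { name: "old", value: "x", domain: "foo.com", hostOnly: false, path: "/", secure: false, httpOnly: false, expires: NOW - 1000 },
];
const requests = [
  "https://foo.com/index.html", "https://foo.com/img/logo.png",
  "https://foo.com/shop/item.js", "http://foo.com/img/logo.png",
  "https://static.foo.com/app.js", "https://cdn.example.net/lib.js",
];
for (const r of requests) console.log(r, "->", cookieHeader(jar, r, NOW) || "(no cookies)");
```

In the sample, the `sid` session cookie rides along on the image and script requests to `foo.com` and its subdomain, is withheld on the plain-HTTP request because of `Secure`, and is never sent to the unrelated host.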