
How do cookies work?

I want to know all the possible uses of cookies. Are they good or bad? How do they work?

Some best practices I have collected so far:

Use Cookie-free Domains for Components

tag: cookie

When the browser makes a request for a static image and sends cookies together with the request, the server doesn't have any use for those cookies. So they only create network traffic for no good reason. You should make sure static components are requested with cookie-free requests. Create a subdomain and host all your static components there.

If your domain is www.example.org, you can host your static components on static.example.org. However, if you've already set cookies on the top-level domain example.org as opposed to www.example.org, then all the requests to static.example.org will include those cookies. In this case, you can buy a whole new domain, host your static components there, and keep this domain cookie-free. Yahoo! uses yimg.com, YouTube uses ytimg.com, Amazon uses images-amazon.com and so on.

Another benefit of hosting static components on a cookie-free domain is that some proxies might refuse to cache the components that are requested with cookies. On a related note, if you wonder if you should use example.org or www.example.org for your home page, consider the cookie impact. Omitting www leaves you no choice but to write cookies to *.example.org, so for performance reasons it's best to use the www subdomain and write the cookies to that subdomain.

Implementation Limits

Practical user agent implementations have limits on the number and size of cookies that they can store. In general, user agents' cookie support should have no fixed limits. They should strive to store as many frequently-used cookies as possible. Furthermore, general-use user agents SHOULD provide each of the following minimum capabilities individually, although not necessarily simultaneously:

* at least 300 cookies
* at least 4096 bytes per cookie (as measured by the characters that comprise the cookie non-terminal in the syntax description of the Set-Cookie2 header, and as received in the Set-Cookie2 header)
* at least 20 cookies per unique host or domain name

User agents created for specific purposes or for limited-capacity devices SHOULD provide at least 20 cookies of 4096 bytes, to ensure that the user can interact with a session-based origin server.

The information in a Set-Cookie2 response header MUST be retained in its entirety. If for some reason there is inadequate space to store the cookie, it MUST be discarded, not truncated. Applications should use as few and as small cookies as possible, and they should cope gracefully with the loss of a cookie.

asked Jun 29 '10 11:06

Srikar Doddi




1 Answers

Is a knife good or bad :) Simplified explanation: a web server sends a bit of text to the client. This additionally has an origin (who sent it) and a "life span" (how long it shall persist at the client).

Depending on your settings (browser security), your browser stores this "text file". When you contact the server (site) again later, your browser sends the cookie up to the server.

Easy example: I let you choose the font size on my site (small medium large). When you choose your size I (the server) send you a cookie. Next time you visit I ask if this cookie is there - if so I set the font size depending on the cookie content.

There is also security behind cookies - a cookie is only sent to the issuer, for example.

Manfred

answered Jun 26 '23 14:06

ManniAT
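
The scoping rules described in the question (a cookie set on example.org reaches static.example.org, one set on www.example.org does not) and the origin and life span from the answer, as an added example that is not part of either post. `CookieJar` and `domainMatch` are hypothetical names, the hosts and values are constructed, and the logic is a simplified subset of RFC 6265.

```javascript
// Minimal cookie jar (added example); hosts and values are constructed.
// Simplified from RFC 6265: no Path, Secure, SameSite or public-suffix checks.

// True when host equals domain or is a subdomain of it.
function domainMatch(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

class CookieJar {
  constructor() { this.cookies = []; }

  // Store one Set-Cookie value received from `host` at time `now` (ms).
  store(host, header, now) {
    const [pair, ...attrs] = header.split(";").map(s => s.trim());
    const eq = pair.indexOf("=");
    if (eq < 1) return false; // no cookie name: ignore
    const c = { name: pair.slice(0, eq), value: pair.slice(eq + 1),
                domain: host, hostOnly: true, expires: Infinity };
    for (const a of attrs) {
      const [k, v = ""] = a.split("=");
      const key = k.trim().toLowerCase();
      if (key === "domain" && v) {
        c.domain = v.trim().replace(/^\./, "").toLowerCase();
        c.hostOnly = false;
      } else if (key === "max-age" && /^-?\d+$/.test(v.trim())) {
        c.expires = now + Number(v) * 1000; // the "life span"
      }
    }
    // A server may set cookies only for its own host or a parent domain.
    if (!domainMatch(host, c.domain)) return false;
    this.cookies = this.cookies.filter(
      o => !(o.name === c.name && o.domain === c.domain));
    this.cookies.push(c);
    return true;
  }

  // Cookie request header the browser would send to `host` at time `now`.
  headerFor(host, now) {
    return this.cookies
      .filter(c => c.expires > now)
      .filter(c => c.hostOnly ? host === c.domain : domainMatch(host, c.domain))
      .map(c => `${c.name}=${c.value}`).join("; ");
  }
}

const jar = new CookieJar();
jar.store("www.example.org", "fontsize=large; Max-Age=3600", 0); // host-only
jar.store("www.example.org", "sid=abc123; Domain=example.org", 0); // all subdomains
console.log(jar.headerFor("static.example.org", 1000)); // only the Domain= cookie
```

A static host on a separate registered domain receives neither cookie, which is the reason the question gives for hosting static components on a cookie-free domain.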