Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Is the cookie "metadata" (expires, path,...) transferred to the server?

When you set a cookie, you set the raw cookie data, and some metadata. This metadata includes the path for where the cookie is valid, the expiration time of the cookie, and so on.

When a browser performs a request, what exactly will the browsers send with it? Will it send the full cookie, with all the "metadata"? Or only the actual data of the cookie, without the metadata?

like image 412
August Lilleaas Avatar asked Jan 16 '10 09:01

August Lilleaas


2 Answers

No only the value of the cookie is returned in subsequent requests, the other metadata stays on the client.

When you define a cookie on the server a Set-Cookie header is created in the response carrying the name, value and other metadata about the cookie. Multiple Cookies will create multiple Set-Cookie headers in the response.

When the browser makes subsequent requests it checks its "database" of available cookies to see which cookies are appropriate for the path being requested. It then creates a single Cookie header in the request that carries just a series of name/value pairs of the qualifying cookies.

Its important to keep tight control on the number of cookies and the size of the data otherwise you may find that the weight of cookie data being sent for each and every request can be deterimental to performance. This would be much worse if the metadata were returned with the cookies as well.

like image 144
AnthonyWJones Avatar answered Sep 18 '22 15:09

AnthonyWJones


The server sets the cookie with the "Set-Cookie" header. This contains the metadata (path and expiry), if specified. The client (browser) only sends the cookie itself in a "Cookie" header.

Firebug is a useful tool for Firefox to view all these headers. Similar tools should be available for other browsers.

like image 27
Ralf Avatar answered Sep 18 '22 15:09

Ralf