4. HTTP Cookies
A cookie is a piece of data that is issued by a server in an HTTP response and stored for future use by the HTTP client. The client then re-supplies the cookie value in subsequent requests to the same server. This mechanism allows the server to store user preferences and identify individual users.
4.1 Setting Cookies
Servers supply cookies by populating the Set-Cookie response header with the following details:
Field | Description
Name | Name of the cookie
Value | Textual value to be held by the cookie
Expires | Date/time when the cookie should be discarded by the browser. If this field is empty the cookie expires at the end of the current browser session. This field can also be used to delete a cookie by setting a date/time in the past.
Path | Path below which the cookie should be supplied by the browser.
Domain | Web site domain to which this cookie applies. This will default to the current domain and attempts to set cookies on other domains are subject to the privacy controls built into the browser.
These fields allow a server to create, modify, and delete cookies, and to control which parts of a web site will receive them.
4.2 Retrieving Cookies
Whenever a client is about to make an HTTP request it consults its local cookie store to see if any unexpired cookies match the path and domain it is about to use. Any matching cookie values are submitted back to the server using the Cookie header.
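The store-and-match behaviour described in 4.1 and 4.2, as an added example that is not part of the original page or of HttpWatch: a simplified client-side cookie store that applies Set-Cookie values and builds the Cookie header for a later request. The function names (store_cookie, cookie_header) are hypothetical, the domain and path matching follows the RFC 6265 rules, and real browsers apply further checks that are omitted here, such as refusing Domain values that are public suffixes.

```python
from datetime import timezone
from email.utils import parsedate_to_datetime
from urllib.parse import urlsplit

def domain_match(host, domain):
    return host == domain or host.endswith("." + domain)

def path_match(req_path, cookie_path):
    prefix = cookie_path if cookie_path.endswith("/") else cookie_path + "/"
    return req_path == cookie_path or req_path.startswith(prefix)

def store_cookie(jar, url, set_cookie, now):
    """Apply one Set-Cookie value received from `url`; returns False if rejected."""
    u = urlsplit(url)
    host = u.hostname.lower()
    first, *attrs = [p.strip() for p in set_cookie.split(";")]
    name, _, value = first.partition("=")
    # Defaults: session lifetime, current host only, directory of the request path.
    c = {"name": name, "value": value, "expires": None, "domain": host,
         "host_only": True, "path": u.path[:u.path.rfind("/")] or "/"}
    for key, _, val in (a.partition("=") for a in attrs):
        key, val = key.strip().lower(), val.strip()
        if key == "expires":
            try:
                dt = parsedate_to_datetime(val)
                c["expires"] = dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)
            except (TypeError, ValueError):
                pass  # unparseable date: keep as a session cookie
        elif key == "path" and val.startswith("/"):
            c["path"] = val
        elif key == "domain" and val:
            c["domain"], c["host_only"] = val.lstrip(".").lower(), False
    if not domain_match(host, c["domain"]):
        return False  # a host cannot set a cookie for an unrelated domain
    slot = (name, c["domain"], c["path"])
    if c["expires"] and c["expires"] <= now:
        jar.pop(slot, None)  # an Expires date in the past deletes the cookie
    else:
        jar[slot] = c
    return True

def cookie_header(jar, url, now):
    """Build the Cookie request header value for `url` from unexpired matches."""
    u = urlsplit(url)
    host, path = u.hostname.lower(), u.path or "/"
    return "; ".join(
        f"{c['name']}={c['value']}" for c in jar.values()
        if (c["expires"] is None or c["expires"] > now)
        and (host == c["domain"] if c["host_only"] else domain_match(host, c["domain"]))
        and path_match(path, c["path"]))
```

Pass a plain dict as `jar` and a timezone-aware datetime as `now`. A cookie set without a Domain field is returned only to the exact host that set it, while one set with Domain is also returned to that domain's subdomains.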
Example 4
Using HttpWatch with Example 4
To view the use of cookies on this page:
- Open HttpWatch by right-clicking on the web page and selecting HttpWatch from the context menu
- Click on Record to start logging requests in HttpWatch
- Use the form above to create or edit cookies for this page
- Optional: You can add a filter to only capture access to this page by adding a 'URL contains' condition with the value "cookies/"
- To view cookies for this page, select its entry in the HttpWatch log and go to the Cookies tab