Cookie Features and Usage Experience/Recommendations: A Summary

Source: Internet
Author: User
Tags: subdomain, domain

I. Preface

    • What is a cookie?

Cookies are data stored on the browser side as key/value pairs.
https://baike.baidu.com/item/cookie/1119

II. Working Principle & Application Scenarios

    • Working principle

On a request, the browser places the cookie information in the HTTP request headers.
On a response, the browser saves the cookie information carried in the HTTP response headers.

The core information of a cookie consists of three parts: Name, Value, and expiration time.
Cookies are written by overwriting, so adding, updating, and deleting a cookie are all performed by the browser as the same set action.

    • Application Scenarios
    1. Remember user name
    2. Shopping Cart Information

III. Characteristics

1. Storage Features

    • (1) Limited storage size, related to browser version
    • (2) Limited number of stored entries, related to browser version
    • (3) Character encoding is Unicode and does not support direct storage of Chinese
    • (4) Storage content can be easily viewed, and it is not recommended to store sensitive information
    • (5) Poor reliability, may be removed for various reasons at any time
    • (6) Besides Name, Value, and expiration time, the stored attributes also include Domain and Path. The current domain can manipulate cookies of the current domain, its subdomains, and its parent domain; the current path can manipulate cookies under the current path, its child paths, and its parent path.

Domain: www.ken.io is a subdomain of ken.io, the parent domain of test.www.ken.io, and a sibling domain of blog.ken.io. Apps under www.ken.io can access cookies under ken.io and *.www.ken.io, but cannot access cookies under blog.ken.io.

Path: for example, the page http://ken.io/home/about has the path /home/about. This path can access cookies under the root path / and under /home/*, but cannot access cookies under /category.

2. Transmission characteristics

    • (1) On every request, the client transmits the cookies that match the request's Domain and Path to the server via the request headers
    • (2) The size of the transmitted cookie is limited by the browser and the Web server

3. Security features

    • The information in a cookie is easily viewable; encrypting it before storage is recommended
    • Cookies are easily exploited by XSS attacks; setting HttpOnly=true disallows client-side access (effective in 99.9% of browsers)

IV. Usage Experience/Advice

    • Do not store unencrypted sensitive information (security)
    • If the cookie does not need to be accessed on the client, set HttpOnly=true (security)
    • Set a reasonable expiration time (transfer efficiency)
    • Do not store too much content (transfer efficiency)
    • Do not store too many entries (transfer efficiency)
    • Set a reasonable Domain and Path to reduce unnecessary cookie transmission (transfer efficiency)
    • Do not store non-Unicode characters (availability)
    • Do not store non-recoverable information (reliability)
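
The advice above can be checked mechanically against the `Set-Cookie` headers an application emits. The following is an added example, not part of the original article: the thresholds, the finding names, and the sample headers are assumptions constructed for illustration.

```javascript
// Added example: audit Set-Cookie values against the advice in section IV.
// MAX_BYTES, MAX_AGE_DAYS, the finding names and SAMPLES are assumptions.
const MAX_BYTES = 4096;   // assumed per-cookie size budget
const MAX_AGE_DAYS = 30;  // assumed upper bound for a "reasonable" lifetime

function parseSetCookie(header) {
  const [pair, ...rest] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs: {} };
  for (const attr of rest.filter(Boolean)) {
    const i = attr.indexOf('=');
    const key = (i < 0 ? attr : attr.slice(0, i)).trim().toLowerCase();
    cookie.attrs[key] = i < 0 ? true : attr.slice(i + 1).trim();
  }
  return cookie;
}

function auditSetCookie(header, requestHost, opts = {}) {
  const { needsClientAccess = false, now = Date.now() } = opts;
  const c = parseSetCookie(header);
  const findings = [];
  // HttpOnly keeps the cookie out of document.cookie, limiting theft via XSS.
  if (!c.attrs.httponly && !needsClientAccess) findings.push('missing-httponly');
  // A Domain attribute above the issuing host also sends the cookie to siblings.
  const domain = String(c.attrs.domain || '').replace(/^\./, '').toLowerCase();
  if (domain && domain !== requestHost.toLowerCase()) findings.push('domain-wider-than-host');
  // Max-Age takes precedence over Expires; neither one means a session cookie.
  let lifetime = null;
  if (c.attrs['max-age'] !== undefined) lifetime = Number(c.attrs['max-age']);
  else if (c.attrs.expires) lifetime = (Date.parse(c.attrs.expires) - now) / 1000;
  if (lifetime !== null && lifetime > MAX_AGE_DAYS * 86400) findings.push('long-lifetime');
  // Values outside printable ASCII (e.g. Chinese text) must be encoded first.
  if (/[^\x21-\x7e]/.test(c.value)) findings.push('unencoded-value');
  const bytes = new TextEncoder().encode(`${c.name}=${c.value}`).length;
  if (bytes > MAX_BYTES) findings.push('oversized');
  return findings;
}

// Constructed sample headers, as if issued by www.ken.io.
const SAMPLES = [
  'sid=abc123; Domain=ken.io; Path=/; Max-Age=31536000',
  'sid=abc123; Path=/home; HttpOnly; Max-Age=3600',
  'nick=\u80af; HttpOnly', // a raw Chinese character as the value
];
for (const h of SAMPLES) {
  console.log(h, '->', auditSetCookie(h, 'www.ken.io').join(', ') || 'ok');
}
```

The first sample is flagged because `Domain=ken.io` makes the browser send the cookie to blog.ken.io as well, which is the unnecessary transmission the Domain advice is meant to avoid.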