Deep understanding of cookies

Source: Internet
Author: User
Tags header send cookies in domain

Cookie this dongdong, first contact with the Web, you know it, use it is also very simple. But there is a lack of complete understanding of this thing, recently happened to have time, read some information, combined with their previous code, here to do a simple complete introduction bar.

Basic concepts

A cookie is a piece of ASCII text that the Web server sends to the user's browser. Once the cookie is received, the browser stores the cookie fragment as a "key/value" pair. After that, every time you want to send a request to the same server, Web browsers send cookies that were previously stored locally on the site. The communication between the browser and the Web server is communicated through the HTTP protocol, and the cookie is saved in the request portion of the HTTP protocol (Set-cookie).

The specific form is as follows:

SET-COOKIE:CUSTOMER=HUANGXP; Path=/foo;; Expires= Wednesday, 19-oct-05 23:12:40 GMT; [Secure]; HttpOnly

An explanation of each of these attributes:

Domains: The associated domain name, such as, its domain =, where the field defaults to the current request, but if the value in domain in the cookie does not match the requested domain, This cookie will be ignored.

Path: Controls which accesses can trigger a send. For example, the requested address is the URL above, and if Path=/foo, the cookie is sent, but the path is otherwise, and the cookie is ignored.

Expiration time of Expires:cookie

Secure: If the word secure is used as part of the Set-cookie header, then the Cookie can only be transmitted over a secure channel (currently the SSL channel). Otherwise, the browser ignores this cookie

HttpOnly: Only the cookie can be accessed by the client, but the data depends on whether it is supported by the browser, which is generally supported by versions above IE6.


After introducing the basics of cookies, here's a brief description of the next typical network browsing process

Browser action steps for cookies in the Web server answer header:

1. Extract all cookies from the answer header of the Web server.

2. Parse the components (name, value, path, etc.) of these cookies.

3. Determine if the host is allowed to set these cookies. If allowed, the cookies are stored locally.

The browser steps to filter all cookies in the Web server request header:

1. Determine which cookies can be sent to the Web server based on the URL of the request and the properties of the locally stored cookie.

2. For multiple cookies, determine the order in which to send.

3. Add the cookies that need to be sent to the request HTTP header.

Client and server-side actions on cookies

The interaction between them I would like to use the following demo to let you know better

A, the server-side output cookie, the client gets the cookie

protected void Page_Load(object sender, EventArgs e)
   HttpCookie ck = new HttpCookie("TestCK");
   ck.Values.Add("Name1", "1");
   ck.Values.Add("Name2", "2");
   HttpCookie ck1 = new HttpCookie("TestCK_2");
   ck1.Value = "1";
function GetCookie(){

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

Tags Index: