Cookies are always stored on the client and can be divided, by storage location, into memory cookies and hard disk cookies. A memory cookie is maintained by the browser, held in memory, and disappears when the browser is closed, so it is short-lived. A hard disk cookie is saved on the hard drive and has an expiration time; it is not deleted until it expires or the user manually clears it, so it is long-lived. By lifetime, cookies can therefore be divided into non-persistent cookies and persistent cookies.
Properties of the cookie
A generic cookie has the following properties:
Domain: The domain or subdomain to which the cookie belongs.
For a Set-Cookie returned by the server, if the Domain value is not specified, it defaults to the domain name of the HTTP request currently being submitted. For example, if a request to http://www.example.com returns a cookie that does not name a Domain value, the value defaults to www.example.com.
Path: Represents the path to which the cookie belongs.
Expire time/Max-Age: Indicates the expiration date of the cookie. The value of Expires is a point in time after which the cookie expires. Alternatively, Max-Age specifies how long it is until the cookie expires. If the server returns a cookie without an expiration time, the cookie is valid only for the current session. This is a session cookie, and it expires when the current session ends. Accordingly, when the page is closed (in the browser), the browser should delete the cookie.
Secure: Indicates that the cookie can only be transmitted using HTTPS. Cookies that contain authentication information are generally required to be transmitted over HTTPS.
HttpOnly: Indicates that this cookie may only be used in HTTP or HTTPS transmissions. This means that browser scripts, such as JavaScript, are not allowed to access or operate on this cookie.
The server sends a cookie to the client
From the server side, a cookie is sent to the client with the Set-Cookie header, which includes the cookie's name, value, and individual attributes.
Set-cookie:lu=rg3vhjznehyljvg7qi3bzjzg; Expires=tue, 21:47:38 GMT; path=/; domain=.169it.com; HttpOnly
Set-cookie:made_write_conn=1295214458; path=/; domain=.169it.com
Set-cookie:reg_fb_gate=deleted; Expires=thu, 1970 00:00:01 GMT; path=/; domain=.169it.com; HttpOnly
Sending cookies to the server from the client
When a cookie is sent from the client to the server, the individual attributes of the cookie are not sent, but only the corresponding name and value are sent.
GET /spec.html HTTP/1.1
Host: www.example.org
Cookie: name=value; name2=value2
Accept: */*
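The attribute rules and the request format described above can be checked mechanically. The following is an added example, not code from the original article: it parses Set-Cookie headers, reports each cookie's effective domain, lifetime and missing Secure/HttpOnly protections, and builds the Cookie header the client would send back. The sample headers, cookie names and function names are constructed for illustration.

```python
# Constructed sample responses (not captured traffic); names and values are made up.
SAMPLE = [
    "Set-Cookie: sid=abc123; Path=/; Domain=.example.com; Secure; HttpOnly",
    "Set-Cookie: theme=dark; Path=/; Max-Age=2592000",
    "Set-Cookie: auth_token=xyz; Path=/; HttpOnly",
]

def parse_set_cookie(header):
    """Split one Set-Cookie header into (name, value, attributes)."""
    _, _, body = header.partition(":")            # drop the header name
    parts = [p.strip() for p in body.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")      # first pair is name=value
    attrs = {}
    for part in parts[1:]:                        # the rest are attributes
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()  # flags like Secure map to ""
    return name.strip(), value.strip(), attrs

def audit(header, request_host):
    """Report the effective domain, lifetime and missing protections."""
    name, _, attrs = parse_set_cookie(header)
    findings = []
    if "secure" not in attrs:
        findings.append("no Secure: may be sent in plaintext over HTTP")
    if "httponly" not in attrs:
        findings.append("no HttpOnly: readable by scripts via document.cookie")
    persistent = "expires" in attrs or "max-age" in attrs
    return {
        "name": name,
        # Without a Domain attribute the cookie belongs to the requesting host.
        "domain": attrs.get("domain") or request_host,
        "lifetime": "persistent" if persistent else "session",
        "findings": findings,
    }

def cookie_request_header(set_cookie_headers):
    """Build the Cookie header the client returns: names and values only.
    Assumes every cookie matches the request (domain, path, scheme)."""
    pairs = ["{}={}".format(*parse_set_cookie(h)[:2]) for h in set_cookie_headers]
    return "Cookie: " + "; ".join(pairs)

if __name__ == "__main__":
    for line in SAMPLE:
        print(audit(line, "www.example.com"))
    print(cookie_request_header(SAMPLE))
```
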
About modifying and setting cookies
Besides the server creating or updating a cookie by sending Set-Cookie to the client (browser), a cookie can also be set by scripts running in the browser, such as JavaScript. In JavaScript this is done through document.cookie.
Limitations of Cookies
- The cookie is appended to each HTTP request, so it effectively increases traffic.
- Security is problematic because the cookie in the HTTP request is passed in plaintext (except with HTTPS).
- The size of the cookie is limited to around 4KB, which is not enough for complex storage requirements.
Cookies in the HTTP protocol are described in detail