EDUCBA

Home » Software Development » Blog » Software Development Basics » HTTP Cookies

Http Cookies

Introduction to HTTP Cookies

  • Here we will be learning about Http cookies. Well, before we move ahead to learn cookies, we must understand what Http is. Http is a protocol that facilitates the client-server communication. It is a connectionless protocol and here is exactly where the use of cookies comes in.
  • The term connectionless means, once the data gets exchanged between client and server, none of them could remember what they had exchanged lastly due to which the website admins were not able to understand the actions or surfing nature of the visitors. Now we will see how cookies get implemented and how does it works.
  • Cookies can be defined as the data that is stored by the server in the browser through which the web application was accessed. Once the connection is established between the client and the server, the client sends the request to the server and based on the response, some data has been saved in the browser. There are several purposes of storing the cookies in the client’s browser it could be for ensuring the authentication, for understanding the behavior of the user and so on.
  • Sometimes it’s also called browser cookies. Commonly it is also known as web cookies but preferably people recall it by the term cookies only. In a modern time when e-commerce is booming all across the world, the importance of cookies got magnified. It helps the business to understand what the users are looking for and how likely they are in order to buy something.
  • The social media websites make very efficient use of cookies to enforce good user experience and to protect their system from getting abused.

Create HTTP Cookies

So now we are aware of what HTTP cookies is and how it works in order to mitigate the HTTP connectionless problem. In this section, we will learn how we can create cookies and store them in the user’s browser. The values that are stored in the browser could be used for various purposes based on the requirement of the website. Below is the code to create the cookies.

<?php
// to set the cookie name
$cname = "Web_user1";
//to set the cookies value
$cvalue = "Amit Roy";
// to set the cookies.
setcookie($cname, $cvalue, time() + ( 3600));
?>

Start Your Free Software Development Course

Web development, programming languages, Software testing & others

The above code will set the cookies in the user’s system. setcookie is the method that is used to actually set the cookie. The syntax of the setcookie method is below.

setcookie(cookieName, cookieValue, cookielife)

In the above parameters, only the cookieName is mandatory else remaining are optional. Cookielife is the time till when the cookie will be stored in the browser. It is calculated in seconds. In the above example, its values are 3600 which means it will remain in the user’s browser for 1 hour.

Now let’s see how to use the cookie.

<?php if(!isset($_COOKIE[$cookieName)) {
echo "Please set '". $cookieName;
}
else
{
}
?>
echo "Cookie name is '". $cookie_name;

The above code will echo the cookieName value that was sent as a parameter through the setcookie function. The issue function checks if the variable has been assigned with some value. For the above code below will be the output.

The cookie name is Amit Roy.

Inspect HTTP Cookies with the browser

Now there is probably a high chance that you might be thinking if the cookies are stored is browser than where can you see this. Well, I will show you but before that let me tell you that any website cannot store cookies in your browser without your consent. Now let me show you where can you locate the cookies or the valued store by its mean.

HTTP Cookie1

In the above picture, you will be able to see that the website had stored some cookies in my browser. The image is of Firefox browser and I will tell you how you can locate cookies in Mozilla Firefox. You can follow the below steps to reach the screen that looks like the above one.

Popular Course in this category
All in One Software Development Bundle (600+ Courses, 50+ projects) 600+ Online Courses | 3000+ Hours | Verifiable Certificates | Lifetime Access
4.6 (3,144 ratings)
Course Price

View Course
Related Courses
Software Testing Training (11 Courses)Selenium Training Certification (9 Courses, 4+ Projects)Appium Training (2 Courses)JMeter Certification Training (3 Courses)

Step 1. Click on the three parallel lines that at the top right of the page.

Step 2. Click on the Web developer option.

Step 3. Click on Storage Inspector.

Step 4. Click on the website name for which you want to see the cookies.

HTTP Cookies path

Cookies path is the location in the server where the cookies are stored. In order to let the web pages access the cookies, the web pages must come under the subdirectory. By default, the cookie gets set at the global location from where it could be accessed by all the pages. Below is the code that can be used to set the global cookie.

document.cookie = ‘foo=bar; path=”/”’

In order to set the cookie in any subdirectory, you can use the below code. We have to be very careful while setting the cookie path as the pages that are a level up from the folder will not be able to access the cookies.

document.cookie = ‘foo=bar; path=”/subfolder”’

For instance, the page www.xyz.com/randompage1 will not be able to access the cookie while the page www.xyz.com/subfolder/randompage1 will be able to access it. If you don’t set the path, it will make the cookies global and could be accessible by every page.

HTTP Cookies security

  • Cookies are considered very crucial data for any website and are subject to kept confidential. There are headers in the HTTP request which are usually called HTTP packets which are used to provide security to the cookie.
  • There is an attribute, httponly, which makes the cookie accessible only from the host that has stored the cookies in the browser. It could not let the cookies to be pulled using the document. Cookie together with javascript.
  • document.cookie = ‘foo=bar; Secure;’// It will make the cookie inaccessible by the websites that are not transmitting the data without encryption. In simple terms, the communication between the browser and server must be encrypted by SSL/TSL. Url starting with https could be able to use it while the one with HTTP cannot.
  • document.cookie = ‘foo=bar; httponly;// By using httponly attribute, the cookies could be made inaccessible locally. It must need the request from the server in order to transmit the values set by cookies.

Conclusion

In a quick summary, cookies are considered as the set of code that is used to set some values to the browser that could be used the letter to gather information or to ensure security. The use of cookies is increasing day by day due to the security concern. All the modern websites vigorously store cookies in their user’s system so that they can understand how the user interacts with it.

Recommended Articles

This has been a guide to HTTP Cookies. Here we discuss an introduction, creation of cookies, cookie path, cookie security. You can also go through our other suggested articles to learn more –

  1. What is PHP?
  2. What is a Cyber Attack?
  3. What is Cyber Security?
  4. HTTP Caching

All in One Software Development Course Bundle

600+ Online Courses

3000+ Hours

Verifiable Certificates

Lifetime Access

Learn More

0 Shares
Share
Tweet
Share
Reader Interactions
Leave a Reply

Your email address will not be published. Required fields are marked *