How Internet Cookies Work

Internet cookies are an integral part of the protocol that defines how a web browser and the server communicate. There are a number of parameters that can be used when setting a cookie, and these determine its value and lifetime. But to see how internet cookies work, we need to look at how the browser requests and receives a web page.

If you look at the address bar in a browser, you will see the letters http. This stands for ‘HyperText Transfer Protocol’, which is the standard governing web requests. Regardless of whether cookies are used or not, the browser will send an HTTP request consisting of a few short lines of text:


Browser -> Server
GET /index.html HTTP/1.1
Host: www.example.com


This simply informs the web server that the browser requests the web page defined in the Host line. The server will send an HTTP response as below:


Browser <- Server
HTTP/1.1 200 OK
Content-type: text/html
Set-Cookie: name=value

(webpage)


The server will only send the Set-Cookie line if it wishes to send a cookie to the browser to store. The name and value can be almost anything, but usually include at least a session id to identify this particular user. If the browser accepts the cookie, it will send it back with each subsequent page request on that website.


Browser -> Server
GET /page.html HTTP/1.1
Host: www.example.com
Cookie: name=value
Accept: */*


The name of the cookie can be a recognisable word (‘user’) or may even be a session id such as SESS6c52820dbb27c2cc9c2f24f7d37129d8. This may appear to be meaningless, but it is simply an identifier so the server can identify the particular browser.

This is all a cookie is – no more than a small piece of text. A cookie cannot contain viruses or executable code; it is simply a variable set to a value, which is then saved onto the hard drive.

An additional attribute will determine how long the cookie is stored. If a date is set for the ‘Expires’ attribute, then the cookie will be deleted after that date – at the latest. It can, of course, be deleted at any time should the user wish.
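
The exchange above, worked through as an added example (not code from the original article): a minimal Python sketch of the browser side that reads the Set-Cookie lines of a response, keeps each cookie with its optional Expires date, and sends back only unexpired cookies with the next request. The cookie names, values and dates are constructed samples, and the function names are illustrative.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Constructed sample response, modelled on the exchange shown in the article.
RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-type: text/html\r\n"
    "Set-Cookie: SESS6c52=abc123; Expires=Wed, 01 Jan 2031 00:00:00 GMT\r\n"
    "Set-Cookie: user=alice\r\n"
    "\r\n(webpage)"
)


def parse_set_cookie(response):
    """Return {name: (value, expires_or_None)} from a raw HTTP response."""
    head = response.split("\r\n\r\n", 1)[0]      # headers end at the blank line
    jar = {}
    for line in head.split("\r\n")[1:]:          # skip the status line
        field, _, content = line.partition(":")
        if field.strip().lower() != "set-cookie":
            continue
        pair, *attrs = [part.strip() for part in content.split(";")]
        name, _, value = pair.partition("=")
        expires = None                           # no date: kept until deleted
        for attr in attrs:
            key, _, val = attr.partition("=")
            if key.strip().lower() == "expires":
                try:
                    expires = parsedate_to_datetime(val.strip())
                except (TypeError, ValueError):
                    expires = None               # unparseable date is ignored
        jar[name.strip()] = (value.strip(), expires)
    return jar


def build_request(path, host, jar, now):
    """Build the next request, sending back only cookies not yet expired."""
    live = [f"{n}={v}" for n, (v, exp) in jar.items() if exp is None or exp > now]
    lines = [f"GET {path} HTTP/1.1", f"Host: {host}"]
    if live:
        lines.append("Cookie: " + "; ".join(live))
    return "\r\n".join(lines) + "\r\n\r\n"


if __name__ == "__main__":
    jar = parse_set_cookie(RESPONSE)
    print(build_request("/page.html", "www.example.com", jar, datetime.now(timezone.utc)))
```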