HTTP Cookies

The HTTP protocol was originally designed to be stateless protocol, which provides some serious hurdles for applications that need to be “session” aware. To address this issue, the HTTP protocol added a lovely thing called cookies. Cookies are sent to a client with the “Set-Cookie:” attribute in the HTTP header, and contain an expiration date and a path to indicate which parts of the URL namespace the cookie applies to. To see which cookies a server attempts to set, the curl utilities “-s” and “-D -” options can be used:

$ curl -s -D – www.google.com | grep “Set-Cookie:”
Set-Cookie: PREF=ID=07ea94644d5a8aa2:TM=1136527125:LM=1136527125:S=Cs8EZN914EXiHOts; \
expires=Sun, 17-Jan-2038 19:14:07 GMT; \
path=/; domain=.google.com

Since your browser is a nice HTTP compliant entity, it will stores these cookies locally, and send them along with each HTTP request in a “Cookie:” header. If you would like to see how the adservers use cookies to provide clever marketing, you can watch cookies wiz by with the Firefox view cookie plugin. If you are super concerned about privacy, you can limit cookies to the domain you visited (this is an option with Firefox and Safari), or you can be super hard core and link your cookie repository to /dev/null (this of course causes issues with some sites).

Leave a Reply

Your email address will not be published. Required fields are marked *