The HTTP protocol was originally designed to be stateless protocol, which provides some serious hurdles for applications that need to be “session” aware. To address this issue, the HTTP protocol added a lovely thing called cookies. Cookies are sent to a client with the “Set-Cookie:” attribute in the HTTP header, and contain an expiration date and a path to indicate which parts of the URL namespace the cookie applies to. To see which cookies a server attempts to set, the curl utilities “-s” and “-D -” options can be used:
curl -s -D - www.google.com | grep "Set-Cookie:"
Set-Cookie: PREF=ID=07ea94644d5a8aa2:TM=1136527125:LM=1136527125:S=Cs8EZN914EXiHOts; \ expires=Sun, 17-Jan-2038 19:14:07 GMT; \ path=/; domain=.google.com