What are HTTP Cookies? HTTP cookies is a common term known among web users and technology developers. It is nothing but bits of data that the web server sends to a user's web browser and later receives it back with consequent requests. This data exchange between the web server and the user's browser helps the former retain user information and identify and distinguish one user from another. When a user connects to a network, the server uses this information from the cookies to show the relevant information to that specific user. While cookies are often unique to every website, some exceptions exist due to advertisements. Normally cookies remember a user's login details and their preferences and themes. As the user travels across the web, an advertisement cookies tracks the common themes through the user's browsing behavior. They later show ads to the users based on those themes. Kinds of HTTP Cookies There are two different types of HTTP cookies, namely, session and persistent cookies. While the session cookies survive only through a browser session and get deleted automatically when the browser session ends, the persistent cookies have an indefinite lifetime unless they have an explicit expiration date. The session cookies help retrieve the information even if the user presses the back button of the browser. The persistent cookies store a user's login information and store specific sites' passwords to recover when the user revisits the website or tries to log in. It helps the online merchants to track the pages and products a user views, thus giving them enough information to suggest items relevant to a user's interest. What are the Cookie Attributes? There are primarily five cookie attributes, which, if configured correctly, ensure the secure implementation of cookies. These attributes include Secure, Domain, Path, HTTPOnly, and Expires. The Secure attribute assures that the cookies are sent only with requests over an encrypted network, that is, over an HTTPS protocol. It prevents attackers from stealing cookies by sniffing. The Domain and Path attributes define the scope of a cookie and distinguish the URLs for which the cookies are valid. The HTTPOnly attribute restricts the client-side scripts to access the cookie. It prevents the cookies from XSS (or Cross-Site Scripting) attacks. Finally, the Expires attribute sets the persistent cookies' life term by telling the browser after how long it should delete the cookie. Without an Expires attribute, the cookie expires when a browser session ends.
