Creating Web Apps  «Prev 

What exactly are cookies within the context of the World Wide Web


Testing cookies


Set your browser to reject all cookies. In Chrome, go to Preferences | Advanced options. In Internet Explorer, go to Tools | Internet options, then select the Security tab, and click Internet.
  1. Go to http://www.richersounds.ie. What happened?
  2. Go to your browser preferences and allow cookies.
  3. Return to the site. What happens?

A cookie is a small amount of named data stored by the web browser and associated with a particular web page or website. Cookies were originally designed for server-side programming, and at the lowest level, they are implemented as an extension to the HTTP protocol. Cookie data is automatically transmitted between the web browser and web server, so server-side scripts can read and write cookie values that are stored on the client. This section demonstrates how client-side scripts can also manipulate cookies using the cookie property of the Document object.

Why Cookie?

The name cookie does not have a lot of significance, but it is not used without precedent. In the annals of computing history, the term "cookie" has been used to refer to a small chunk of data, particularly a chunk of privileged or secret data, that proves identity or permits access. In JavaScript, cookies are used to save state and can establish a kind of identity for a web browser. Cookies in JavaScript do not use any kind of cryptography, however, and are not secure in any way (although transmitting them across an https: connection helps).
The API for manipulating cookies is a very old one, which means that it is universally supported. Unfortunately, the API is also quite cryptic. There are no methods involved: cookies are queried, set, and deleted by reading and writing the cookie property of the Document object using specially formatted strings. The lifetime and scope of each cookie can be individually specified with cookie attributes. These attributes are also specified with specially formatted strings set on the same cookie property.