Here's a preview from my zine, HTTP: Learn Your Browser's Language! If you want to see more comics like this, sign up for my Saturday comics newsletter or browse more comics!
Cookies are a way for a server to store a little bit of information in your browser.
They’re set with the Set-Cookie response header, like this:
first request: server sets a cookie
browser, represented by a box with a smiley face: GET /my-cats
server, also represented by a box with a smiley face:
200 OK
Set-Cookie: user=b0rk; HttpOnly
<response body>
(user is the name and b0rk is the value. HttpOnly is a cookie attribute; other attributes, like the expiry time, go in the same place)
Every request after: browser sends the cookie back
browser:
GET /my-cats
Cookie: user=b0rk
server, thinking: oh, this is b0rk! I don’t need to ask them who they are then!
Cookies are used by many websites to keep you logged in. Instead of user=b0rk they'll set a cookie like sessionid=long-incomprehensible-id, where the id is a long random value that only the server can map back to a user. This is important because if they just set a simple cookie like user=b0rk, anyone could pretend to be b0rk by sending that cookie!
Designing a secure login system with cookies is quite difficult— to learn more about it, google “OWASP Session Management Cheat Sheet”.
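Here is the sessionid design from the comic worked out as a tiny server-side session store, written as an added example for this page (it is not code from the zine). The store, the function names and the in-memory SESSIONS dict are all hypothetical; the Set-Cookie and Cookie header handling uses Python's standard http.cookies module. It shows the forgeable user=b0rk design next to the random-session-id design, and why sending "user=b0rk" gets you nothing from the second one.

```python
import secrets
from http import cookies

# Hypothetical in-memory store: session id -> username.
# The browser only ever sees the id, never the name it stands for.
SESSIONS = {}


def login(username):
    """Start a session for username; return the Set-Cookie header value."""
    sid = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG: not guessable
    SESSIONS[sid] = username
    c = cookies.SimpleCookie()
    c["sessionid"] = sid
    m = c["sessionid"]
    m["httponly"] = True    # page JavaScript cannot read it (limits theft via XSS)
    m["secure"] = True      # the browser only sends it over HTTPS
    m["samesite"] = "Lax"   # not attached to cross-site POSTs (CSRF mitigation)
    m["max-age"] = 3600     # expiry: the "options" slot from the comic
    m["path"] = "/"
    return m.OutputString()  # e.g. "sessionid=...; HttpOnly; Max-Age=3600; ..."


def session_id_from(set_cookie):
    """Pull the id out of a Set-Cookie value (the first name=value pair)."""
    return set_cookie.split(";", 1)[0].split("=", 1)[1]


def whoami(cookie_header):
    """Secure design: resolve the request's Cookie header to a user via the store.

    Returns None for a missing, unknown or forged session id."""
    c = cookies.SimpleCookie()
    c.load(cookie_header)
    m = c.get("sessionid")
    if m is None:
        return None
    return SESSIONS.get(m.value)


def whoami_insecure(cookie_header):
    """The comic's first design: trust user=<name> straight from the browser.

    Anyone can write a Cookie header, so anyone can claim to be b0rk."""
    c = cookies.SimpleCookie()
    c.load(cookie_header)
    m = c.get("user")
    return m.value if m is not None else None


def logout(cookie_header):
    """Invalidate the session server-side and tell the browser to drop the cookie."""
    c = cookies.SimpleCookie()
    c.load(cookie_header)
    m = c.get("sessionid")
    if m is not None:
        SESSIONS.pop(m.value, None)
    return "sessionid=; Max-Age=0; Path=/; HttpOnly; Secure; SameSite=Lax"


if __name__ == "__main__":
    hdr = login("b0rk")
    print("Set-Cookie:", hdr)
    sid = session_id_from(hdr)
    print("Cookie: sessionid=<id>          ->", whoami("sessionid=" + sid))
    print("forged Cookie: user=b0rk (secure)   ->", whoami("user=b0rk"))
    print("forged Cookie: user=b0rk (insecure) ->", whoami_insecure("user=b0rk"))
    print("Set-Cookie on logout:", logout("sessionid=" + sid))
    print("after logout ->", whoami("sessionid=" + sid))
```

The two things that make the second design hold up are that the id comes from a cryptographic random source with enough bits that it cannot be guessed, and that the mapping from id to user lives only on the server, so the cookie's value carries no meaning a client could forge. Invalidating on logout matters too: a session id that keeps working after logout is as good as a stolen password until it expires.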