Here's a preview from my zine, HTTP: Learn your browser's language!! If you want to see more comics like this, sign up for my saturday comics newsletter or browse more comics!
Cookies are a way for a server to store a little bit of information in your browser.
They’re set with the Set-Cookie response header, like this:
first request: server sets a cookie
browser, represented by a box with a smiley face: GET /my-cats
server, also represented by a box with a smiley face:
200 OK
Set-Cookie: user=b0rk; HttpOnly
<response body>
(user is the name, b0rk is the value. HttpOnly is the cookie options (expiry goes here))
Every request after: browser sends the cookie back
browser:
GET /my-cats
Cookie: user=b0rk
server, thinking: oh, this is b0rk! I don’t need to ask them who they are then!
Cookies are used by many websites to keep you logged in. Instead of user=b0rk they’ll set a cookie like sessionid=long-incomprehensible-id. This is important because if they just set a simple cookie like user=b0rk, anyone could pretend to be b0rk by setting that cookie!
Designing a secure login system with cookies is quite difficult— to learn more about it, google “OWASP Session Management Cheat Sheet”.
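To make the comic's point concrete, here is an added example (not from the zine) that parses Cookie headers and puts the two designs side by side: the forgeable user=b0rk cookie, and a sessionid that only means something because the server issued it. The in-memory SESSIONS store and the extra Secure option are assumptions of this example.

```python
import secrets

# In-memory session store: session id -> username (constructed for this example).
SESSIONS = {}


def parse_cookie_header(header):
    """Parse a request 'Cookie:' header such as 'user=b0rk; theme=dark' into a dict."""
    cookies = {}
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep and name:
            cookies[name] = value.strip()
    return cookies


def set_cookie_insecure(username):
    """The comic's first design: the cookie itself is the identity."""
    return f"user={username}; HttpOnly"


def identify_insecure(cookie_header):
    """Trusts the 'user' cookie directly, so anyone who sends user=b0rk *is* b0rk."""
    return parse_cookie_header(cookie_header).get("user")


def set_cookie_session(username):
    """The comic's fix: keep the identity server-side under a random, unguessable id.

    HttpOnly is from the comic; Secure is an added hardening option (assumption).
    """
    session_id = secrets.token_urlsafe(32)
    SESSIONS[session_id] = username
    return f"sessionid={session_id}; HttpOnly; Secure"


def identify_session(cookie_header):
    """Only a sessionid this server actually issued maps back to a user."""
    session_id = parse_cookie_header(cookie_header).get("sessionid")
    return SESSIONS.get(session_id)


def cookie_pair(set_cookie_header):
    """Return the name=value part of a Set-Cookie header, as a browser would echo it back."""
    return set_cookie_header.split(";", 1)[0]
```

A made-up sessionid, or a user=b0rk cookie, gets nothing from identify_session, while identify_insecure happily accepts the forged value.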