Here's a preview from my zine, HTTP: Learn your browser's language!! If you want to see more comics like this, sign up for my saturday comics newsletter or browse more comics!
read the transcript!
Cookies are a way for a server to store a little bit of information in your browser.
They’re set with the Set-Cookie response header, like this:
first request: server sets a cookie
browser, represented by a box with a smiley face: GET /my-cats
server, also represented by a box with a smiley face:
200 OK
Set-Cookie: user = b0rk; HttpOnly
<response body>
(user is the name, b0rk is the value. HttpOnly is the cookie options (expiry goes here))
Every request after: browser sends the cookie back
browser:
GET /my-cats
Cookie: user= b0rk
server, thinking: oh, this is b0rk! I don’t need to ask them who they are then!
Cookies are used by many websites to keep you logged in. Instead of user=b0rk they’ll set a cookie like sessionid=long-incomprehensible-id. This is important because if they just set a simple cookie like user=b0rk, anyone could pretend to be b0rk by setting that cookie!
Designing a secure login system with cookies is quite difficult— to learn more about it, google “OWASP Session Management Cheat Sheet”.
Saturday Morning Comics!
Want another comic like this in your email every Saturday? Sign up here!
