Here's a preview from my zine, HTTP: Learn your browser's language!! If you want to see more comics like this, sign up for my Saturday comics newsletter or browse more comics!

Cookies are a way for a server to store a little bit of information in your browser.

They’re set with the Set-Cookie response header, like this:

browser, represented by a box with a smiley face: GET /my-cats

server, also represented by a box with a smiley face:

200 OK
Set-Cookie: user=b0rk; HttpOnly
<response body>

(user is the name, b0rk is the value, and HttpOnly is one of the cookie options; the expiry goes there too)

browser:

GET /my-cats
Cookie: user=b0rk

server, thinking: oh, this is b0rk! I don’t need to ask them who they are then!

Cookies are used by many websites to keep you logged in. Instead of user=b0rk they’ll set a cookie like sessionid=long-incomprehensible-id. This is important because if they just set a simple cookie like user=b0rk, anyone could pretend to be b0rk by setting that cookie!

Designing a secure login system with cookies is quite difficult. To learn more about it, google “OWASP Session Management Cheat Sheet”.
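The difference between user=b0rk and sessionid=long-incomprehensible-id, as an added example that is not part of the original comic. The function names and the in-memory SESSIONS table are hypothetical, and the Secure and SameSite options are additions beyond the HttpOnly option shown above.

```python
import secrets
from http.cookies import SimpleCookie

# Server-side table: random session id -> username (hypothetical in-memory store).
SESSIONS = {}

def login_response_header(username):
    """Return the Set-Cookie value a server could send after a successful login."""
    sid = secrets.token_urlsafe(32)      # 32 random bytes: infeasible to guess
    SESSIONS[sid] = username             # the identity stays on the server
    cookie = SimpleCookie()
    cookie["sessionid"] = sid
    cookie["sessionid"]["httponly"] = True    # page scripts cannot read it
    cookie["sessionid"]["secure"] = True      # assumption: site is HTTPS-only
    cookie["sessionid"]["samesite"] = "Lax"   # assumption: not sent on cross-site POSTs
    cookie["sessionid"]["path"] = "/"
    return cookie["sessionid"].OutputString()

def user_from_naive_cookie(cookie_header):
    """Weak design: believes whatever name the browser puts in the cookie."""
    cookie = SimpleCookie(cookie_header)
    return cookie["user"].value if "user" in cookie else None

def user_from_session_cookie(cookie_header):
    """Safer design: the cookie is only a lookup key into server-side state."""
    cookie = SimpleCookie(cookie_header)
    if "sessionid" not in cookie:
        return None
    return SESSIONS.get(cookie["sessionid"].value)  # unknown id -> None

def logout(cookie_header):
    """Forget the session so a copied cookie stops working."""
    cookie = SimpleCookie(cookie_header)
    if "sessionid" in cookie:
        SESSIONS.pop(cookie["sessionid"].value, None)

if __name__ == "__main__":
    set_cookie = login_response_header("b0rk")
    print("Set-Cookie:", set_cookie)
    sent_back = set_cookie.split(";")[0]           # what the browser returns
    print(user_from_session_cookie(sent_back))     # the real session
    print(user_from_naive_cookie("user=b0rk"))     # anyone can type this header
    print(user_from_session_cookie("sessionid=guess"))  # a guessed id is rejected
```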

© Julia Evans 2024 | All rights reserved (see the FAQ for notes about licensing)