HTTP State Management with Cookies
Cookies can tell you all sorts of interesting things about your visitors. This article explains what they are, how they're structured, why they're useful, and how to implement them on your web site. Code samples are included.
Overview
One of the challenges facing developers of complex web applications has been overcoming the limitations of HTTP, and in particular the stateless nature of the protocol. This means that the web server treats each transaction between it and a specific client as a unique event, with no continuity from one to the next.
Back in the early days, when the web was essentially a content delivery system, this wasn't too much of a problem. Web servers could process each transaction in turn, delivering the requested content without knowing or caring from where the requests originated. However, with the demand for more complex and secure web transactions to meet the requirements of, for example, ecommerce and social networking, this situation needed to be addressed.
To facilitate a transaction such as making an online purchase, some method is needed by which web servers can at least simulate continuity between one transaction and the next. One possible approach is to handle this on the server side. In many cases this is a desirable way of handling things. But methods have also been devised for handling things on the client side, the most common of which is the cookie.
In essence, a cookie is a small text file that is downloaded from the web server to the client (usually a browser). Each time the client makes a new request to that server it returns the cookie unmodified, thus providing the server with information about the client.
Typically, a cookie will contain a single piece of simple information, such as the user's identity, or a password hash. However, there have been privacy concerns over cookies, since the information they contain is essentially arbitrary and chosen by the web developer. This means they can also be used for darker purposes such as tracking and reporting on surfing behavior. This puts an obligation on web developers to implement cookies transparently, and in a responsible and respectful manner.
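The round trip described above, as an added example that is not code from the original article: a toy server and client in Python that exchange Set-Cookie and Cookie headers over three otherwise stateless requests. The cookie name `sid`, the in-memory `SESSIONS` store and all function names are assumptions made for illustration; here the cookie carries only a random token, and the state it refers to stays on the server.

```python
import secrets
from http.cookies import SimpleCookie

SESSIONS = {}  # constructed server-side store, keyed by an opaque random token

def handle_request(headers):
    """Toy server: handle one request, return (response_headers, body)."""
    jar = SimpleCookie(headers.get("Cookie", ""))
    sid = jar["sid"].value if "sid" in jar else None
    if sid in SESSIONS:
        # The returned cookie links this request to an earlier one.
        SESSIONS[sid]["visits"] += 1
        return {}, f"visit {SESSIONS[sid]['visits']}"
    # No cookie, or a token the server never issued: start a fresh session.
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"visits": 1}
    out = SimpleCookie()
    out["sid"] = sid
    out["sid"]["path"] = "/"
    out["sid"]["secure"] = True      # only sent over HTTPS
    out["sid"]["httponly"] = True    # not readable from page scripts
    out["sid"]["samesite"] = "Lax"   # withheld on most cross-site requests
    return {"Set-Cookie": out["sid"].OutputString()}, "visit 1"

def client_store(response_headers, cookie_jar):
    """Toy client: keep name=value from Set-Cookie; attributes are not echoed."""
    if "Set-Cookie" in response_headers:
        parsed = SimpleCookie(response_headers["Set-Cookie"])
        for name, morsel in parsed.items():
            cookie_jar[name] = morsel.value
    return cookie_jar

def client_headers(cookie_jar):
    """Toy client: send every stored cookie back unmodified."""
    if not cookie_jar:
        return {}
    return {"Cookie": "; ".join(f"{k}={v}" for k, v in cookie_jar.items())}

def demo():
    """Three requests from one client, then one request with no cookie."""
    jar, bodies = {}, []
    for _ in range(3):
        resp_headers, body = handle_request(client_headers(jar))
        client_store(resp_headers, jar)
        bodies.append(body)
    _, anonymous = handle_request({})  # the server sees a stranger
    return bodies, anonymous

if __name__ == "__main__":
    print(demo())
```
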
More By Bruce Coker