What is a cookie and why is it needed?

In this post, you will learn:

  • What is a cookie?
  • Why are cookies needed in servlets?
  • What are the types of cookies?
  • What are the limitations of cookies?

What is a cookie?

A cookie is a token that is generated by the server or a servlet and sent as part of the response, to be received back from the client as part of subsequent requests. The token contains some information about the client in the form of key-value pairs.

Why are cookies needed?

HTTP is a stateless protocol, i.e. the server treats each request as independent. No client information (state) is maintained between requests. For static web sites, for which the protocol was designed, there is no need to store client information between requests: with each request the client sends a page URL, and the server sends that page's contents as the response.

In dynamic web sites, clients perform complex operations such as sending and receiving mail, purchasing items, transferring money, etc. Each of these operations requires more than one request, all of which must be treated by the server as a single logical request, i.e. the server needs to remember client information between these requests.

As an analogy, you can think of the server as Aamir Khan in the movie Ghajini, who had short-term memory loss. In the movie, different means such as tattoos, photos, a news reporter, etc. were used to make him remember until the end that he needed to find and kill Ghajini. Similarly, to help the server remember client information between logically related requests, different mechanisms have been devised. Cookies are one of them.

What are the types of cookies?

Cookies are of two types:

  1. Persistent cookie.
  2. Non-persistent cookie.

A persistent cookie has a validity time associated with it, i.e. it remains valid for multiple sessions. Persistent cookies are stored by the client browser on the client machine so that they can be used in later sessions. You must have seen the "keep me signed in" option on the login page of web sites such as Gmail, Facebook, etc. When you check such an option at the time of login, you are asking the server to send persistent cookies containing your authentication information to be written on your system.

A non-persistent cookie remains valid only for the current session. It is stored by the browser in its cache as long as the session is active. When the browser is closed, the cookie is discarded. By default, each cookie is non-persistent.

The following analogy will help you understand the difference between persistent and non-persistent cookies. A persistent cookie is like an I-Card which a school or college gives to its students. It contains student information and remains valid for the whole year. A non-persistent cookie is like a visitor pass which is given to visitors when they visit the school or college. It is taken back from them when they go out.

The following diagram describes the working of persistent cookies:

[Diagram: working of persistent cookies]

Description of the diagram:

1.0 – The client gives the browser a URL for which an HTTP request is to be sent.

1.1 – Browser sends request for the given URL. Assuming that it is the first request from the client for the URL, no cookie is sent with the request.

1.2 – The server sends the requested contents along with some persistent cookies to relate the subsequent requests from the client to the current request.

1.3 – Persistent cookies are stored by the browser in a text file on the client machine.

1.4 – Received contents are rendered on a page by the browser.

2.0 – The client clicks a link or submits a form on the rendered page.

2.1 – The browser obtains the URL of the link or form in order to send a request for it to the server.

2.2 – The browser checks whether there are any persistent cookies for the server. If found, they are read.

2.3 – Request for the URL is sent along with the cookies which are found in the text files.

Limitations of cookies:

Cookies are not a perfect means of maintaining client information between requests. They have the following limitations.

1. A client can disable the use of cookies in his browser. In such a case the cookies sent by the server will not be sent back by the browser.

2. Persistent cookies don’t differentiate between the client and the host. If more than one client uses the same host and sends requests to the same server, then cookies set for one client will be used for the other as well.
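
The exchange in steps 1.1 to 2.3 and the two limitations above, simulated as an added example (not code from this post or from the servlet API). The Browser class, the server_set_cookies function, the cookie names and values, and the dict standing in for the browser's cookie text file are all assumptions made for illustration.

```python
from http.cookies import SimpleCookie

def server_set_cookies(keep_signed_in):
    """Step 1.2: the Set-Cookie header values the server attaches to its response."""
    jar = SimpleCookie()
    jar["visit"] = "abc123"              # constructed value; no Max-Age, so non-persistent
    if keep_signed_in:
        jar["user"] = "alice"            # constructed value
        jar["user"]["max-age"] = 3600    # a validity time makes the cookie persistent
    return [m.OutputString() for m in jar.values()]

class Browser:
    def __init__(self, cookie_file, cookies_enabled=True):
        self.cookie_file = cookie_file   # dict standing in for the text file on disk
        self.memory = {}                 # non-persistent cookies, lost when the browser closes
        self.cookies_enabled = cookies_enabled

    def receive(self, set_cookie_values, now):
        """Step 1.3: store each cookie according to whether it carries a validity time."""
        if not self.cookies_enabled:
            return                       # limitation 1: nothing stored, nothing sent back
        for value in set_cookie_values:
            for name, morsel in SimpleCookie(value).items():
                if morsel["max-age"]:
                    self.cookie_file[name] = (morsel.value, now + int(morsel["max-age"]))
                else:
                    self.memory[name] = morsel.value

    def cookie_header(self, now):
        """Steps 2.2-2.3: collect the unexpired cookies to send with the next request."""
        live = {n: v for n, (v, expires) in self.cookie_file.items() if expires > now}
        live.update(self.memory)
        return "; ".join(f"{n}={v}" for n, v in sorted(live.items()))

def walk_through():
    cookie_file = {}
    browser = Browser(cookie_file)
    first_request = browser.cookie_header(now=0)        # step 1.1: no cookie yet
    browser.receive(server_set_cookies(True), now=0)
    same_session = browser.cookie_header(now=10)
    # Reopened on the same machine, perhaps by another person (limitation 2): the file survives.
    reopened = Browser(cookie_file)
    next_session = reopened.cookie_header(now=20)
    after_expiry = reopened.cookie_header(now=4000)
    blocked = Browser({}, cookies_enabled=False)
    blocked.receive(server_set_cookies(True), now=0)
    return first_request, same_session, next_session, after_expiry, blocked.cookie_header(now=10)
```

walk_through() returns the Cookie header the browser would send at each point: empty on the first request, both cookies within the session, only the persistent one after a restart, and nothing once it has expired or when cookies are disabled.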

In the next post we will learn the use of cookies in servlets to maintain client information between requests.


It's time to recap the main concepts:

  1. HTTP is a stateless protocol i.e. client information is not remembered by the server between requests.
  2. A cookie is a token that is used to persist client information between requests in a web application.
  3. Cookies can be of two types: persistent and non-persistent.
  4. Persistent cookies remain valid for multiple sessions. They are stored on the client machine in a text file.
  5. Non-persistent cookies remain valid for a single session.
  6. Cookies can be disabled from the browser.
  7. Persistent cookies don’t differentiate between the client and the host.