What is a cookie?
A cookie is a token that is generated by the server or a servlet and sent as part of the response, to be received back from the client as part of subsequent requests. This token contains some information about the client in the form of a key-value pair.
What is the need for cookies?
HTTP is a stateless protocol, i.e. each request is an independent request for the server. No client information (state) is maintained between requests. For static web sites, on the basis of which this protocol was designed, there is no need to store client information between requests. With each request, the client sends a page URL, the contents of which are sent back as the response by the server.
In dynamic web sites, clients perform complex operations such as sending and receiving mail, purchasing items, transferring money, etc. Each of these operations requires more than one request, all of which must be treated as a single logical request by the server, i.e. the server needs to remember client information between these requests.
As an analogy, you can think of the server as Aamir Khan in the movie Ghajini, who had short-term memory loss. In the movie, different means such as tattoos, photos, a news reporter, etc. were used to help him remember until the end that he needed to find and kill Ghajini. Similarly, to help the server remember client information between logically related requests, different mechanisms have been devised. The cookie is one of them.
What are the types of cookies?
Cookies are of two types:
A persistent cookie has a validity time associated with it, i.e. it remains valid for multiple sessions. Persistent cookies are stored by the client browser on the client machine so that they can be used in later sessions. You must have seen the "keep me signed in" option on the login pages of web sites such as Gmail, Facebook, etc. When you check such an option at login, you are asking the server to send persistent cookies containing your authentication information to be written to your system.
A non-persistent cookie remains valid only for the current session. It is stored by the browser in its cache as long as the session is active. When the browser is closed, the cookie is discarded. By default, each cookie is non-persistent.
The following analogy will help you understand the difference between persistent and non-persistent cookies. A persistent cookie is like an I-Card that a school or college gives to its students. It contains student information and remains valid for the whole year. A non-persistent cookie is like a visitor pass that is given to visitors when they visit the school or college. It is taken back from them when they leave.
The following diagram describes the working of persistent cookies:
Description of the diagram:
Limitations of cookies:
Cookies are not a perfect means of maintaining client information between requests. They have the following limitations.
2. Persistent cookies don't differentiate between the client and the host. If more than one client uses the same host and sends requests to the same server, then cookies set for one client will be used for the other as well.
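The difference between persistent and non-persistent cookies, and limitation 2 above, as an added example that is not part of the original article: a Python sketch using the standard library's http.cookies module. The BrowserJar class, the cookie names and values, and the clock value are constructed for illustration.

```python
from http.cookies import SimpleCookie

def set_cookie_header(name, value, max_age=None):
    """Server side: build a Set-Cookie value. No Max-Age means non-persistent."""
    cookie = SimpleCookie()
    cookie[name] = value
    if max_age is not None:
        cookie[name]["max-age"] = max_age  # validity time in seconds
    return cookie[name].OutputString()

class BrowserJar:
    """Toy model of one browser on one host machine (not a real browser)."""

    def __init__(self):
        self.cookies = {}  # name -> (value, expiry timestamp or None)

    def receive(self, header, now):
        parsed = SimpleCookie()
        parsed.load(header)
        for name, morsel in parsed.items():
            max_age = morsel["max-age"]
            expires = now + int(max_age) if max_age else None
            self.cookies[name] = (morsel.value, expires)

    def close_browser(self):
        # Non-persistent cookies are discarded; persistent ones stay on disk.
        self.cookies = {n: c for n, c in self.cookies.items() if c[1] is not None}

    def request_header(self, now):
        # Every unexpired cookie is sent, whoever is at the keyboard.
        live = {n: v for n, (v, exp) in self.cookies.items()
                if exp is None or exp > now}
        return "; ".join(f"{n}={v}" for n, v in sorted(live.items()))

def shared_host_demo():
    jar, t0 = BrowserJar(), 1_000_000  # constructed clock value
    jar.receive(set_cookie_header("cart", "c-123"), t0)  # session cookie
    jar.receive(set_cookie_header("remember", "alice-token",
                                  max_age=14 * 24 * 3600), t0)  # "keep me signed in"
    first_user = jar.request_header(t0 + 60)
    jar.close_browser()  # first user walks away from the shared machine
    next_user = jar.request_header(t0 + 3600)  # someone else opens the browser
    after_expiry = jar.request_header(t0 + 15 * 24 * 3600)
    return first_user, next_user, after_expiry

if __name__ == "__main__":
    print(shared_host_demo())
```

The second value returned shows the persistent cookie surviving the browser being closed and being sent for whoever uses that browser next, until its validity time runs out.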