HTTP Cookies

Overview

The HTTP protocol is stateless: it mandates that a web server respond to a client’s request without relating the request to previous or subsequent requests.1 Despite the statelessness dictated by the HTTP protocol, websites aggressively track and canvass their clients.2 HTTP cookies are the mechanism for working around the HTTP protocol’s statelessness. A cookie acts as a container that stores and sends information about a specific client’s internet browsing patterns and preferences; this client information is sent back to the website/web server so that the web server can tailor its response to the individual client.

What resources are being used?
Internet cookies typically store a client’s username for a particular website or some other string of data that can uniquely identify the client. Additionally, each cookie stores the name of the domain/website it is associated with, the path on the web server for which the cookie applies, and the expiration date of the cookie.

Why are the resources being used?
As previously mentioned, the stateless nature of the HTTP protocol prevents a web server from knowing the identity of the client making requests until the user authenticates/logs in to the web server; without some knowledge of the client’s identity, the web server is unable to accommodate user preferences or serve tailored content to the user. Nonetheless, there are many situations where it is advantageous for a web server to know the identity of the client so that it can tailor the delivery of content to user preferences. For instance, when a client first goes to amazon.com to do some shopping, it is advantageous for Amazon.com to immediately serve the client content about products that the client has viewed in the past, or other products that the website thinks the client may be interested in, without requiring the client to sign in/authenticate first. Signing in to a website/authenticating requires effort on the client’s part; Amazon needs to make the shopping experience as interesting and easy as possible to increase the likelihood that the client will be willing to buy something. To have a future way of seamlessly identifying a given client, the web server stores data about the client’s identity inside a cookie and then stores the cookie inside the client’s browser. When the client revisits the website, the web server identifies the client by retrieving the cookie data that it previously stored in the client’s web browser.

How much are the resources organized?

Cookies have a specific and limited scope. As mandated by the Internet Engineering Task Force, cookies can only store 4kb of data, about 40 characters. Cookies have a specific and limited scope because they serve a specific function when merged with other web server resources; a cookie’s explicit purpose is to help the web server identify a specific client. Once the web server extracts the data inside the client’s website cookie, the web server matches the data to the website’s database and/or maps the cookie data onto the website’s internal programming functions in the web server. Once the cookie data is successfully matched, it triggers the appropriate web server response.

When are the resources organized?

As alluded to earlier, when a user visits a website, the web server of the website will search for the website’s cookie in the user’s web browser/hard disk. If the cookie does not exist, the web server will store/set data about the client inside a cookie as a file. Additionally, when a web server does find a website cookie, in many cases it will perform organizational maintenance activities on the cookie by updating/modifying the cookie data.
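The set-or-update flow described above, sketched with Python's standard `http.cookies` module as an added example (not code from the original page or its sources). The cookie name `visitor_id`, the `example.com` domain, the 30-day lifetime and the in-memory `profiles` dict standing in for the website's database are assumptions, and the identifier is a random opaque string rather than a username.

```python
from datetime import datetime, timedelta, timezone
from http.cookies import CookieError, SimpleCookie
import secrets

# Assumed values for this sketch; none of them come from the page.
COOKIE_NAME = "visitor_id"
COOKIE_DOMAIN = "example.com"
COOKIE_PATH = "/"
LIFETIME = timedelta(days=30)


def handle_request(cookie_header, profiles, now):
    """Identify the client from its Cookie header, or issue a new cookie.

    Returns (visitor_id, is_new, set_cookie_value).
    """
    jar = SimpleCookie()
    try:
        jar.load(cookie_header or "")
    except CookieError:
        jar = SimpleCookie()  # malformed header: treat as "no cookie"

    morsel = jar.get(COOKIE_NAME)
    visitor_id = morsel.value if morsel else None

    # The cookie value is client-controlled input: accept it only if it
    # matches a record the server already holds.
    is_new = visitor_id not in profiles
    if is_new:
        visitor_id = secrets.token_urlsafe(16)
        profiles[visitor_id] = {"visits": 0}
    profiles[visitor_id]["visits"] += 1

    # Set (new client) or refresh (returning client) the cookie, carrying
    # the domain, path and expiration date the cookie applies to.
    out = SimpleCookie()
    out[COOKIE_NAME] = visitor_id
    out[COOKIE_NAME]["domain"] = COOKIE_DOMAIN
    out[COOKIE_NAME]["path"] = COOKIE_PATH
    expires = (now + LIFETIME).strftime("%a, %d %b %Y %H:%M:%S GMT")
    out[COOKIE_NAME]["expires"] = expires
    return visitor_id, is_new, out[COOKIE_NAME].OutputString()


if __name__ == "__main__":
    db = {}
    t = datetime.now(timezone.utc)
    vid, new, header = handle_request(None, db, t)           # first visit
    print("Set-Cookie:", header)
    print(handle_request(f"{COOKIE_NAME}={vid}", db, t)[1])   # returning visit
```

A value the server never issued (a deleted, expired or hand-edited cookie) falls through to the same path as a first visit, so the client simply receives a fresh identifier.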

Who does the organizing activities?

All organizing activities surrounding cookies are conducted by the website/web server; it is completely responsible for organizing, accessing, and retrieving cookie data. The client is unaware of the organizing activities surrounding cookies that the website/web server is conducting.

Other considerations

Using cookies is an unreliable way for a web server to identify a given client. At any point, the client has the option and ability to delete any or all of the cookie files from his or her web browser. Many clients frequently delete cookies from their browsers over privacy concerns; many clients don’t want to be tracked by a website. Additionally, when a web server attempts to create a cookie file in a client’s web browser/hard disk, the client’s browser has the option to reject the incoming cookie.

1. Hudson, Paul, PHP in a Nutshell, (O’Reilly Media, Inc., 2009), 170.

2. Auerbach, David, “You Are What You Click”, Nation 296, Vol. 9 (March 2013): 30.