tags:

views:

150

answers:

3
+3  Q: 

How cookies work?

I wanted to know the interactions of a browser (i.e. Firefox ) and a website.

When I submit my user name and password to the login form, what happens? I think that website sends me some cookies and authorizes me by checking those cookies.

Is there a standard structure for cookies?

Update:

Also, how I can see the cookies of specific URL sent to my browser if I want to use that cookie?

+5  A: 

Hai safaali,

Understanding Cookies

Cookies are given to a browser by the server. The browser reveals the cookies as applicable only to the domain that provided the cookie in the first place.

The data in the cookie allows the server to continue a conversation, so to speak. Without the cookie, the server considers the browser a first-time visitor.

Have a look at these to know about browser cookies

Understanding Browser cookies

http://internet-security.suite101.com/article.cfm/understanding_computer_browser_cookies

http://www.willmaster.com/library/cookies/understanding-cookies.php

http://articles.techrepublic.com.com/5100-22_11-6063884.html

Pandiya Chendur  2009-12-28 09:50:44
You may also care to read the actual RFC: http://www.ietf.org/rfc/rfc2109.txt
AJ  2010-01-28 20:20:55
+1  A: 

It depends, because there are many scenarios and abilities of usage of cookies.

One of scenarios is:

  1. User submits login form.
  2. Website authorizes the user and set cookie visible in website domain with user name, password (i.e. MD5 hashed) and sometimes other information.
  3. Cookie is sent with each request, which allows website to check if request is came from the authorized user.

For more details read Wikipedia article about cookies.

Grzegorz Gierlik  2009-12-28 09:54:58
@Peter -- thanks for edit.
Grzegorz Gierlik  2010-01-29 09:40:37
A: 

Usually the cookie contains a session id number. The id number is then connected to session data that is stored on the server. The usual process is then:

  1. Send login form
  2. Server checks username and password
  3. If correct, the username is stored in a session file on the server, along with various other useful information about the user (if it's a site admin, moderator, userid and so on).
  4. The server sends back a cookie containing an id number that identifies the session file
  5. The browser sends the cookie with each request to that server, so the server can open the session file and read the saved data.

Usually the password is not sent more than once (at login in step 1).

Emil Vikström  2009-12-28 09:58:55
You can have cookies without sessions. In fact, it's specifically called a 'session cookie'.
Jacob Relkin  2010-01-28 20:20:01

related questions

Storing xml data in a cookie
Best way to secure an AJAX app
Is it possible to delete subdomain cookies?
What are the possible causes of a CGI::Session::CookieStore::TamperedWithCookie exception in rails
How do I access cookies within Flash?
Cookies and subdomains
Accessing Domain Cookies within an iFrame on Internet Explorer
Web Dev - Where to store state of a shopping-cart-like object?
Can JQuery read/write cookies to a browser?
Can you reliably set or delete a cookie during the server side processing of an Ajax (XHR) call?
How can I add cookies to Seaside responses without redirecting?
passing or reading .net cookie in php page
Best way for allowing subdomain session cookies using Tomcat
Why can't I delete this cookie?!
Apache Download: Make sure that page was viewed before download
Secure session cookies in ASP.NET over HTTPS
Always including the user in the django template context
How do you set up use HttpOnly cookies in PHP
How exactly do you configure httpOnlyCookies in ASP.NET?
How do you configure HttpOnly cookies in tomcat / java webapps?
How do HttpOnly cookies work with AJAX requests?
What is the best way to prevent session hijacking?
Associating source and search keywords with account creation
How would you implement FORM based authentication without a backing database?
How do I stop IIS7 dropping my cookies?