tags:

views:

27

answers:

1
Q: 

Dumb question about cookies

I have little experience with web programming and I am implementing an interface where I sent a HTTPS POST Request (with user/password), receive a XML, then I send another HTTPS POST Request (with an additional "passcode" dependent on the XML), receive a XML, (then I am logged in) then I send a HTTPS GET request and get an XML (the data I actually want).

The documentation says: The following cookies are sent to the application ... and then it says: "the application must be able to store cookies".

I wondered why I should store cookies if I am never asked for it. I just started programming that protocol but I saw in a response that I was sent a cookie. Now I wondered whether I need to store the cookie (and worry about it) if I am never asked for it?

+1  A: 

I wondered why I should store cookies if I am never asked for it.

Asked by who? User? User should not care. Cookies are part of protocol that you must implement to be able to communicate with that server.

That protocol spec says that you should store cookies - where you like, and send with each request.

Andrey  2010-10-09 16:05:18
Asked by the service (server). It does not say to send it. Maybe I have to and they missed it in the spec. But as I said I am not experienced with web programming. So I wanted some advice.
Jürgen Hollfelder  2010-10-09 16:11:08
@Jürgen Hollfelder how do you think service will tell you about that? it sends you cookies "I was sent a cookie", this usually implies that you sent them back. Plus it is stated explicitly in documentation, so you definitely should follow.
Andrey  2010-10-09 16:13:10
The documentation says "The application should be able to store cookies". It does not say "... and must send them with each request". But if this is normal and common then I would do so. So thanks for your help. I think I got my question answered.
Jürgen Hollfelder  2010-10-09 16:16:32
@Jürgen Hollfelder ok, this document was intended to advanced web developers. HTTP standard is here: http://www.ietf.org/rfc/rfc2109.txt , look at section 4.3.4 : "When it [client] sends a request to an origin server, the user agent sends a Cookie request header to the origin server if it has cookies that are applicable to the request". So standard is very clear: send cookies if you have them. Your document says store them. well, conclusion is: store and send back :)
Andrey  2010-10-09 16:19:16
Sounds good. Thanks :-))
Jürgen Hollfelder  2010-10-09 16:22:36

related questions

Retrieving HTTP status code from loaded iframe with Javascript
How to specify an authenticated proxy for a python http connection?
Why does HttpCacheability.Private suppress ETags?
How to respond to an alternate URI in a RESTful web service
Is there a reason to use BufferedReader over InputStreamReader when reading all characters?
What would be a good, windows and iis (http) based distributed version control system
Database query representation impersonating file on Windows share?
How do I use NTLM authentication with Active Directory
Process raw HTTP request content
How would you implement FORM based authentication without a backing database?
Reading "chunked" response with HttpWebResponse
Best way to let users download a file from my website: http or ftp
How do I convert a date to a HTTP-formatted date in .Net / C#
What is the best way to upload a file via an HTTP POST with a web form?
How do I stop IIS7 dropping my cookies?
Checking FTP status codes with a PHP script.
HTTP Libraries for Emacs
Accessing post variables using Java Servlets
HTTP: Generating ETag Header
HTTP: How to know when to send a 304 Not Modified response
How do I best detect an ASP.NET expired session?
How can I make the browser see CSS and Javascript changes?
How to curl or wget a web page?
The Definitive Guide To Website Authentication
Implementation of "Remember me" in a Rails application.