Cookies (RFC 6265)
ASCII text created by the server and sent to the client.
HTTP Header - Set-Cookie: VALUE.
Stored in the client's cookie jar.
A file or simple database.
The client may freely delete (or edit) cookies.
Client resends the Cookie header to servers.
In every request made for which there is a compatible cookie.
Format is: Cookie: VALUE
Server can keep context using the cookie provided.
Receives a Cookie from the client.
Cookie can contain the session identifier.
Fetches context (session).
Provides a customized answer.
Cookies are used as a token enabling authorization.
When set as the result of an authentication process.
Allow obtaining the identity associated with the request.
Losing a cookie opens the door to impersonation.
Cookie scope and lifetime are set by the server in its response to the client.
Client -> Server.
No cookie sent.
Server -> Client.
Set-Cookie: MoodleSession=0r6mroovg98o338clahfd177g0; path=/
Client -> Server.
Cookie: MoodleSession=0r6mroovg98o338clahfd177g0
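The exchange above, as an added example that is not part of the original notes: a server that issues a session cookie with an explicit scope and lifetime, and a client jar that resends it only on a compatible path. The function and class names, the one-hour lifetime and the HttpOnly/Secure/SameSite attributes are assumptions of this sketch; the jar checks the path only, not domain, expiry or Secure.

```python
import secrets
from http.cookies import SimpleCookie

SESSIONS = {}  # server-side context, keyed by session identifier

def server_login(user):
    """After authentication (assumed done), build the Set-Cookie value."""
    sid = secrets.token_urlsafe(32)      # unguessable session identifier
    SESSIONS[sid] = {"user": user}
    c = SimpleCookie()
    c["MoodleSession"] = sid
    m = c["MoodleSession"]
    m["path"] = "/"                      # scope
    m["max-age"] = 3600                  # lifetime in seconds (assumed value)
    m["httponly"] = True                 # hidden from page scripts
    m["secure"] = True                   # sent over HTTPS only
    m["samesite"] = "Lax"                # limits cross-site sending
    return m.OutputString()

def server_handle(cookie_header):
    """Fetch the session for a Cookie header; None if missing or unknown."""
    c = SimpleCookie()
    c.load(cookie_header or "")
    m = c.get("MoodleSession")
    # The server sees only the value: whoever presents it gets the session.
    return SESSIONS.get(m.value) if m is not None else None

def path_match(request_path, cookie_path):
    """RFC 6265 section 5.1.4 path-match."""
    if request_path == cookie_path:
        return True
    return request_path.startswith(cookie_path) and (
        cookie_path.endswith("/") or request_path[len(cookie_path)] == "/")

class CookieJar:
    """Client side: store cookies and resend the compatible ones."""
    def __init__(self):
        self.cookies = {}  # name -> (value, path)

    def store(self, set_cookie_value):
        c = SimpleCookie()
        c.load(set_cookie_value)
        for name, m in c.items():
            self.cookies[name] = (m.value, m["path"] or "/")

    def header_for(self, request_path):
        pairs = [f"{n}={v}" for n, (v, p) in self.cookies.items()
                 if path_match(request_path, p)]
        return "; ".join(pairs) or None
```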