At the HTTP level, it looks like this
(irrelevant headers elided):
Client → Server
GET / HTTP/1.1
Host: www.example.com
The HTTP Host request header is mandatory in HTTP 1.1. It tells the
server which DNS name was used to contact it. This is essential for
name-based virtual hosting. Thousands of sites may share one IP
address, differentiated only by the Host headers sent by clients.
Server → Client
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Set-Cookie: _session_id=6cd3556deb0da54bca060b4c39479839; domain=example.com
In this example, the server explicitly sets the cookie domain to
example.com. Without the domain parameter, the cookie's scope would
be limited to www.example.com (the domain of the original request) and
its subdomains, for security reasons. But since the server set the cookie
with the more general domain, it will be shared between requests to
example.com, www.example.com, shop.example.com, and the like.
When a client requests a URI from a server, it sends any applicable cookies in the
request headers.
Client → Server
GET /protected-resource HTTP/1.1
Host: www.example.com
Cookie: _session_id=6cd3556deb0da54bca060b4c39479839
By using HTTP cookies, application state is made persistent. This can have its advantages.
Sometimes it is used for tracking; it is an easy way to watch a visitor as he
progresses through a site. But most often, cookies are used to track user authentication
and/or personalization.
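The domain scoping described above can be checked mechanically. The following is an added example, not code from the original text: it parses the Set-Cookie value shown earlier with Python's standard library and applies the RFC 6265 domain-match rule, under which a cookie set without a domain parameter is returned only to the exact host that set it. The function names and the host list are assumptions made for this illustration.

```python
from http.cookies import SimpleCookie

# Set-Cookie value from the example response above.
PAGE_SET_COOKIE = "_session_id=6cd3556deb0da54bca060b4c39479839; domain=example.com"
# Constructed host list: the three names the text mentions plus two look-alikes.
HOSTS = ["example.com", "www.example.com", "shop.example.com",
         "badexample.com", "example.org"]


def domain_match(host, domain):
    """RFC 6265 section 5.1.3: identical, or host ends with '.' + domain."""
    host, domain = host.lower(), domain.lower()
    return host == domain or host.endswith("." + domain)


def cookie_scope(set_cookie_value, request_host):
    """Return (domain, host_only) for a cookie received from request_host."""
    jar = SimpleCookie()
    jar.load(set_cookie_value)
    if not jar:
        raise ValueError("no cookie found in header value")
    morsel = next(iter(jar.values()))
    domain = morsel["domain"].lstrip(".").lower()
    if not domain:
        # No domain parameter: RFC 6265 makes the cookie host-only.
        return request_host.lower(), True
    if not domain_match(request_host, domain):
        # A server may not set cookies for a domain it does not belong to.
        raise ValueError("domain %r does not cover %r" % (domain, request_host))
    return domain, False


def recipients(set_cookie_value, request_host, hosts=HOSTS):
    """Hosts from `hosts` whose requests would carry the cookie."""
    domain, host_only = cookie_scope(set_cookie_value, request_host)
    if host_only:
        return [h for h in hosts if h.lower() == domain]
    return [h for h in hosts if domain_match(h, domain)]


def widens_scope(set_cookie_value, request_host):
    """True when the domain parameter shares the cookie beyond the setting host."""
    domain, host_only = cookie_scope(set_cookie_value, request_host)
    return not host_only and domain != request_host.lower()


if __name__ == "__main__":
    print(recipients(PAGE_SET_COOKIE, "www.example.com"))
    print(widens_scope(PAGE_SET_COOKIE, "www.example.com"))
```

A session cookie for which widens_scope returns True is readable by every host under that domain, so it is worth reviewing whether all of those hosts are equally trusted.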