Questions tagged [cookies]

An HTTP cookie is a piece of data stored by the user's web browser. Unless otherwise specified, cookies can be created, read, modified and deleted both by JavaScript and by the server through HTTP headers.

Cookies can be used to remember the state of the session, such as authentication, state of GUI controls and personalization through user preferences. They can also be inappropriately used to track the browsing history and to transfer malware.

A server sets a cookie using the Set-Cookie HTTP header:

 Set-Cookie: someName=someValue; Expires=Fri, 18-Jan-2013 10:13:13 GMT
 Set-Cookie: someOther=someOtherValue

Cookies can also be set on responses for images and similar content, which makes them a powerful tracking tool. Once a cookie is set, the browser reports it back:

 Cookie: someName=someValue; someOther=someOtherValue

For more security, cookies can be restricted to some domain and path:

 Set-Cookie: name=value; domain=www.foo.com; Path=/hereonly

They can also have additional secure (HTTPS only but accessible through JavaScript) and httponly (HTTP or HTTPS but not accessible through JavaScript) attributes:

 Set-Cookie: goldlocation=somewhere; Domain=.morgan.com; secure; httponly

In this example the cookie is accessible for all subdomains of morgan.com but only through HTTPS and not accessible from JavaScript.

Cookie access control is based on domain, (optionally) path and (optionally) URL scheme (http: vs. https:). The rules governing cookies are not the same as the access control rules of the DOM in JavaScript, which are based on the same domain policy, but because cookie access is mostly based on domain name, the two sets of rules are sometimes confused.
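
The domain, path and scheme checks described above, modelled as an added example that is not part of the original tag wiki. It follows the domain-match and path-match rules of RFC 6265 as a simplification (no expiry handling, no public-suffix check, default path assumed to be `/`); `parseSetCookie`, `wouldSend` and `visibleToScript` are hypothetical names.

```javascript
// Added example. Simplified model: no Expires handling, no public-suffix check,
// default path assumed to be "/". Function names are hypothetical.
function parseSetCookie(header, requestHost) {
  const host = requestHost.toLowerCase();
  const [pair, ...attrs] = header.replace(/^set-cookie:\s*/i, '')
    .split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1),
    domain: host, hostOnly: true, path: '/', secure: false, httpOnly: false };
  for (const attr of attrs) {
    const i = attr.indexOf('=');
    const key = (i < 0 ? attr : attr.slice(0, i)).trim().toLowerCase();
    const val = i < 0 ? '' : attr.slice(i + 1).trim();
    if (key === 'domain' && val) {
      const d = val.replace(/^\./, '').toLowerCase(); // leading dot is ignored
      // A host may only set cookies for itself or a parent domain.
      if (host !== d && !host.endsWith('.' + d)) return null;
      cookie.domain = d;
      cookie.hostOnly = false; // Domain attribute present: subdomains match too
    } else if (key === 'path' && val.startsWith('/')) {
      cookie.path = val;
    } else if (key === 'secure') {
      cookie.secure = true;
    } else if (key === 'httponly') {
      cookie.httpOnly = true;
    }
  }
  return cookie;
}

// Would the browser attach this cookie to a request for `url`?
function wouldSend(cookie, url) {
  const { protocol, hostname, pathname } = new URL(url);
  const host = hostname.toLowerCase();
  const domainOk = host === cookie.domain ||
    (!cookie.hostOnly && host.endsWith('.' + cookie.domain));
  const p = cookie.path;
  const pathOk = pathname === p || (pathname.startsWith(p) &&
    (p.endsWith('/') || pathname[p.length] === '/'));
  const schemeOk = !cookie.secure || protocol === 'https:';
  return domainOk && pathOk && schemeOk;
}

// Would document.cookie on a page at `url` expose it?
function visibleToScript(cookie, url) {
  return !cookie.httpOnly && wouldSend(cookie, url);
}
```

Without a Domain attribute the cookie is host-only, so it is narrower than one that names the same host explicitly.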

The behaviour of HTTP cookies in real-life browsers is not described in any RFC (thus quoting an RFC to describe cookies is almost always wrong). The various RFCs are of historical interest.

Browsers are recommended to allow at least 20 cookies per domain and 4KB per cookie. If you are looking for an alternative to cookies that aren't sent in HTTP headers and can store more data, consider

Implementation Hint

For fans, there is a simple plugin that makes it easy to deal with cookies (write, read and delete); it can be found here.


Questions:

34843 questions
103
votes
9 answers

How can I set a cookie with expire time?

I am setting a cookie with JavaScript and it is working fine but it is not taking the expire time I am giving. It keeps on taking session value regardless of what I give, below is the code which I took from here var now = new Date(); var time =…
antnewbee
102
votes
7 answers

How to delete a cookie using jQuery?

I want to use jQuery to delete cookies; I have tried this: $.cookie('name', '', { expires: -1 }); But when I refresh the page, the cookie is still there: alert('name:' +$.cookie('name')); Why?
user319854
102
votes
11 answers

How can I list all cookies for the current page with Javascript?

Is there any way to, with help of Javascript, list all cookies associated with the current page? That is, if I don't know the names of the cookies but want to retrieve all the information they contain.
Speldosa
101
votes
3 answers

How many characters can be stored in 4KB?

How many characters can I store in 4kb when the characters are in utf-8 encoding?
Pockata
99
votes
8 answers

Can jQuery read/write cookies to a browser?

Simple example: I want to have some items on a page (like divs or table rows), and I want to let the user click on them to select them. That seems easy enough in jQuery. To save which items a user clicks on with no server-side post backs, I was…
casademora
98
votes
12 answers

How to delete cookies on an ASP.NET website

In my website when the user clicks on the "Logout" button, the Logout.aspx page loads with code Session.Clear(). In ASP.NET/C#, does this clear all cookies? Or is there any other code that needs to be added to remove all of the cookies of my…
Karthik Malla
97
votes
4 answers

Cookie path and its accessibility to subfolder pages

Let's say I have a website with domain: www.example.com If I set a cookie with path '/' the cookie will be accessible via all pages in the domain,…
Nordin
97
votes
16 answers

Why does Android WebView sporadically not send my session cookie?

I have a server that sends my android app a session cookie to be used for authenticated communication. I am trying to load a WebView with a URL pointing to that same server and I'm trying to pass in the session cookie for authentication. I am…
nannerpus
96
votes
4 answers

Where are a UIWebView's cookies stored?

I'm building an iPhone app with cookies. Deleting cookies in the Safari settings doesn't delete them. Where are they stored? Is it possible to read them from another UIWebView? Thanks!
dot
96
votes
12 answers

Destroy cookie NodeJs

I am using the Cookies module for setting a cookie. Here is my code: var options = { maxAge: ALMOST_ONE_HOUR_MS, domain: '.test.com', expires: new Date(Date.now() + ALMOST_ONE_HOUR_MS) }; var value =…
Manwal
96
votes
9 answers

phpmyadmin automatic logout time

How can I change the phpmyadmin automatic log out time? It will log out automatically after 1440 seconds which is very low for me. How can I change the option or remove log in request completely?
Abadis
95
votes
3 answers

Why am I getting "Indicate whether to send a cookie in a cross-site request by specifying its SameSite attribute"?

In a Chrome warning, it says: Specify SameSite=None and Secure if the cookie should be sent in cross-site requests. This enables third-party use. How do I do this correctly using express-session? app.use( cors({ credentials: true, …
Squirrl
95
votes
14 answers

How to detect server-side whether cookies are disabled

How can I detect on the server (server-side) whether cookies in the browser are disabled? Is it possible? Detailed explanation: I am processing an HTTP request on the server. I want to set a cookie via the Set-Cookie header. I need to know at that…
Oleksandr Yanovets
95
votes
9 answers

Handling cookies in PhoneGap/Cordova

I'm working on a PhoneGap app with server session usage. It needs cookies to handle the session. Additionally, the cookie from the load balancer should be handled, too. So there is no way around. How do you handle Cookies in your PhoneGap app? I…
Bernd
94
votes
12 answers

What's the significance of Oct 12 1999?

In the SignOut method of System.Web.Security.FormsAuthentication, the ASP.NET team chose to expire the FormsAuth cookie by setting the expiration date to "Oct 12 1999". HttpCookie cookie = new HttpCookie(FormsCookieName, str); cookie.HttpOnly =…
Portman