YouTube

Got a YouTube account?

New: enable viewer-created translations and captions on your YouTube channel!

English subtitles

← Cookie Headers - Web Development

Get Embed Code
2 Languages

Edit Subtitles
Download

Showing Revision 3 created 05/25/2016 by Udacity Robot.

  1. Title:
    Cookie Headers - Web Development
  2. Description:

  3. 460 0:00 - 0:04
    Okay. So I alluded to this before. Cookies are sent
  4. 4019 0:04 - 0:08
    in HTTP headers. So when a server and, and an HTTP
  5. 7700 0:08 - 0:11
    response, wants to give you a cookie, wants to assign a
  6. 10890 0:11 - 0:14
    cookie to your browser it uses a header that looks something
  7. 13580 0:14 - 0:17
    like this. The header name is Set-Cookie. Like all headers, it's
  8. 17051 0:17 - 0:19
    followed by a colon and then a space and then the
  9. 18590 0:19 - 0:22
    value of the header. And in this particular case, you say,
  10. 21650 0:22 - 0:26
    name equals value. There are some other parameters you can have
  11. 25760 0:26 - 0:28
    on the cookie that we'll discuss later but, basically, they use
  12. 28352 0:28 - 0:32
    the Set-Cookie header to, to set cookie named user_id to this
  13. 31600 0:32 - 0:35
    value. And remember, this is the value, and this is the
  14. 34690 0:35 - 0:38
    name, and the value can be, you know, up to 4K.
  15. 38100 0:38 - 0:40
    Honestly, I don't know if there's a limit to how big
  16. 39570 0:40 - 0:43
    the name can be. generally, this is very, very short. If
  17. 43248 0:43 - 0:46
    the server wants to set, send the multiple cookies, it can
  18. 46198 0:46 - 0:51
    do so by using multiple Set-Cookie, Cookie headers. There's no restriction
  19. 51030 0:51 - 0:55
    that says headers have to be unique. A, a server can
  20. 54660 0:55 - 0:57
    send as many cookies as it wants. It's up to the browser
  21. 57420 0:57 - 1:00
    to decide whether or not to store them. Remember, I said about
  22. 60260 1:00 - 1:03
    20 is the max. So try to, try to keep it under
  23. 62920 1:03 - 1:06
    there. Now, when, when a, this is under Response. Now, in
  24. 66410 1:06 - 1:10
    future requests, the browser sends its own header, that this is the,
  25. 70365 1:10 - 1:12
    the name of the header, and remember, this is, you know, this
  26. 72300 1:12 - 1:16
    is also the name of the header, over here, Set-Cookie and then
  27. 76040 1:16 - 1:19
    the value of the header, in this case, is user_id
  28. 79000 1:19 - 1:22
    equals 12345. Again, we have the, the name of the
  29. 81950 1:22 - 1:24
    cookie and the value of the cookie. If we were
  30. 83990 1:24 - 1:27
    to make this H, this request match what these two cookies
  31. 87350 1:27 - 1:31
    were to, when our browser sends multiple cookies, it'll look
  32. 90590 1:31 - 1:35
    something like this, user_id equals 12345; which separates each cookie from
  33. 95210 1:35 - 1:39
    each other, and then any other cookies. So the browser
  34. 98750 1:39 - 1:41
    sends one cookie header with all of your cookies in it.
  35. 101292 1:41 - 1:44
    The semicolon is important and you may be wondering, well, what
  36. 104360 1:44 - 1:47
    if I want to put a semicolon in my cookie value? And the
  37. 106980 1:47 - 1:52
    short answer is, don't. And if you really want to, encode
  38. 111770 1:52 - 1:54
    the cookie value, you know? You, this, this can be whatever you
  39. 113860 1:54 - 1:56
    want. The browser doesn't care so you can, you can Base64
  40. 116130 1:56 - 1:59
    it, you can encrypt it, you can ROT13 it, you can do
  41. 119230 1:59 - 2:03
    whatever you want here but make sure you escape those semicolons
  42. 122590 2:03 - 2:06
    so you don't goof up your the incoming cookie header. Some frameworks
  43. 126330 2:06 - 2:09
    will do this for you. We are going to be operating
  44. 128720 2:09 - 2:11
    at a lower level so that's something you'll want to think about.