English subtitles

← Cookie Headers - Web Development

Showing Revision 3 created 05/25/2016 by Udacity Robot.

  1. Okay. So I alluded to this before. Cookies are sent
  2. in HTTP headers. So when a server and, and an HTTP
  3. response, wants to give you a cookie, wants to assign a
  4. cookie to your browser it uses a header that looks something
  5. like this. The header name is Set-Cookie. Like all headers, it's
  6. followed by a colon and then a space and then the
  7. value of the header. And in this particular case, you say,
  8. name equals value. There are some other parameters you can have
  9. on the cookie that we'll discuss later but, basically, they use
  10. the Set-Cookie header to, to set cookie named user_id to this
  11. value. And remember, this is the value, and this is the
  12. name, and the value can be, you know, up to 4K.
  13. Honestly, I don't know if there's a limit to how big
  14. the name can be. Generally, this is very, very short. If
  15. the server wants to set, send the multiple cookies, it can
  16. do so by using multiple Set-Cookie, Cookie headers. There's no restriction
  17. that says headers have to be unique. A, a server can
  18. send as many cookies as it wants. It's up to the browser
  19. to decide whether or not to store them. Remember, I said about
  20. 20 is the max. So try to, try to keep it under
  21. there. Now, when, when a, this is under Response. Now, in
  22. future requests, the browser sends its own header, that this is the,
  23. the name of the header, and remember, this is, you know, this
  24. is also the name of the header, over here, Set-Cookie and then
  25. the value of the header, in this case, is user_id
  26. equals 12345. Again, we have the, the name of the
  27. cookie and the value of the cookie. If we were
  28. to make this H, this request match what these two cookies
  29. were to, when our browser sends multiple cookies, it'll look
  30. something like this, user_id equals 12345; which separates each cookie from
  31. each other, and then any other cookies. So the browser
  32. sends one cookie header with all of your cookies in it.
  33. The semicolon is important and you may be wondering, well, what
  34. if I want to put a semicolon in my cookie value? And the
  35. short answer is, don't. And if you really want to, encode
  36. the cookie value, you know? You, this, this can be whatever you
  37. want. The browser doesn't care so you can, you can Base64
  38. it, you can encrypt it, you can ROT13 it, you can do
  39. whatever you want here but make sure you escape those semicolons
  40. so you don't goof up your the incoming cookie header. Some frameworks
  41. will do this for you. We are going to be operating
  42. at a lower level so that's something you'll want to think about.