Title: Cookie Headers - Web Development

Okay. So I alluded to this before. Cookies are sent in HTTP headers. So when a server, in an HTTP response, wants to give you a cookie, wants to assign a cookie to your browser, it uses a header that looks something like this. The header name is Set-Cookie. Like all headers, it's followed by a colon and then a space and then the value of the header. And in this particular case, you say, name equals value. There are some other parameters you can have on the cookie that we'll discuss later but, basically, they use the Set-Cookie header to set a cookie named user_id to this value. And remember, this is the value, and this is the name, and the value can be, you know, up to 4K.

Honestly, I don't know if there's a limit to how big the name can be. Generally, this is very, very short. If the server wants to send multiple cookies, it can do so by using multiple Set-Cookie headers. There's no restriction that says headers have to be unique. A server can send as many cookies as it wants. It's up to the browser to decide whether or not to store them. Remember, I said about 20 is the max. So try to keep it under there.

Now, this is under Response. Now, in future requests, the browser sends its own header. This is the name of the header, and remember, this is also the name of the header, over here, Set-Cookie, and then the value of the header, in this case, is user_id equals 12345. Again, we have the name of the cookie and the value of the cookie. If we were to make this request match what these two cookies were, when our browser sends multiple cookies, it'll look something like this: user_id equals 12345; which separates each cookie from each other, and then any other cookies. So the browser sends one cookie header with all of your cookies in it.

The semicolon is important and you may be wondering, well, what if I want to put a semicolon in my cookie value? And the short answer is, don't. And if you really want to, encode the cookie value, you know? This can be whatever you want. The browser doesn't care, so you can Base64 it, you can encrypt it, you can ROT13 it, you can do whatever you want here, but make sure you escape those semicolons so you don't goof up the incoming cookie header. Some frameworks will do this for you. We are going to be operating at a lower level, so that's something you'll want to think about.
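
The header exchange described above, as an added Python example that is not part of the original lecture: the server sets two cookies, a simplified browser echoes them back in one Cookie header, and the server parses it, once with a raw semicolon in a value and once with the value percent-encoded. The function names, the simplified browser model, the sample values and the choice of percent-encoding are assumptions made for illustration.

```python
from urllib.parse import quote, unquote

def set_cookie(name, value, encode=True):
    """Server side: one Set-Cookie header line per cookie."""
    if encode:
        value = quote(value, safe="")   # ';' -> %3B, '=' -> %3D, ' ' -> %20
    return "Set-Cookie: %s=%s" % (name, value)

def browser_store(jar, header_line):
    """Simplified browser (assumed model): keep name=value; text after the
    first ';' is treated as cookie parameters, not as part of the value."""
    _, _, rest = header_line.partition(": ")
    name, _, value = rest.split(";", 1)[0].partition("=")
    jar[name.strip()] = value.strip()

def cookie_header(jar):
    """Browser side: every stored cookie goes back in one Cookie header."""
    return "Cookie: " + "; ".join("%s=%s" % kv for kv in jar.items())

def parse_cookie_header(header_line):
    """Server side: split the incoming Cookie header on ';' and decode."""
    _, _, rest = header_line.partition(": ")
    cookies = {}
    for pair in rest.split(";"):
        name, sep, value = pair.strip().partition("=")
        if sep and name:                # skip fragments with no name=value
            cookies[name] = unquote(value)
    return cookies

def round_trip(values, encode):
    """Set each cookie, let the browser echo them back, parse the result."""
    jar = {}
    for name, value in values.items():
        browser_store(jar, set_cookie(name, value, encode))
    header = cookie_header(jar)
    return header, parse_cookie_header(header)

# Constructed sample values; "pref" deliberately contains a semicolon.
SAMPLE = {"user_id": "12345", "pref": "light;compact"}

if __name__ == "__main__":
    for encode in (False, True):
        header, parsed = round_trip(SAMPLE, encode)
        print("encode=%s\n  %s\n  parsed: %r" % (encode, header, parsed))
```

Without encoding, the value of pref comes back truncated at the semicolon; with encoding, the server recovers the original value after decoding.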