Why COOKIES?

Nainshree Raj
Mar 13, 2024


COOKIES -> SESSION -> OAUTH

I was studying OAuth and wanted to jot down my research. However, I first considered writing out the fundamental OAuth building blocks.

It is designed with novices in mind.
Here comes the first question: Why are cookies vital?

Without further ado, let’s dive in and learn how the Browser and Server communicate!

The Basic flow of the communication
Browser-Server Interaction

The HTTP protocol facilitates the online transfer of hypermedia, including images, videos, and audio. All that hypermedia makes up a webpage. When a user enters a URL in the address bar of their browser and hits the search icon, they are ‘REQUESTing’ that the website’s server provide the homepage for that URL.
Accordingly, the “RESPONSE” refers to the process by which the server sends the homepage to the user’s browser.
To fully grasp the use of COOKIES, let’s talk about two scenarios.

Nainshree searching for Amazon Login Page

1st scenario: Nainshree requests to access the Amazon login page. Her browser receives the Login Page from the server. She enters her ID and Password and presses the Login button. Following Nainshree’s successful login, the server responds with the Amazon homepage. She now requests to view her order history on the Orders Page. However, she observes that the server is unable to answer this request because it cannot recall WHO YOU ARE! She notices that she has to re-enter her credentials for each personalized request. That is why Cookies were introduced in the first place: to help websites remember users and their preferences. Given that HTTP is stateless, cookies provide “state persistence”. To read more, see the HTTP State Management Mechanism specification.
2nd scenario: Nainshree requests to access the Amazon Login Page and logs in successfully. This time, the server’s first response after login includes a ‘SET-COOKIE’ header. Refer to the image for Cookies attributes.

Inside the Inspect of a Web-Page with Cookies attributes

Nainshree’s browser receives a cookie from the server called “session-id” with a value (let’s say “12345”). To view her order history, she requests the Orders Page. This time, the browser sends the received value back in the request under the ‘COOKIE’ header. The browser will include that cookie information in each request that Nainshree makes after that. In this manner, the server will remember who is making Nainshree’s requests.

Under the Request Header

This works because the server stores a file on its disk that matches the cookie it set for Nainshree.
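The second scenario end to end, as an added example that is not part of the original post. It assumes an in-memory dictionary in place of the file on the server's disk, constructed demo credentials, hypothetical function names, and the HttpOnly, Secure and SameSite attributes as the ones chosen for the cookie:

```python
import secrets
from http.cookies import SimpleCookie

SESSIONS = {}  # server-side store (assumption: a dict instead of a file on disk)
USERS = {"nainshree": "correct-horse"}  # constructed demo credentials

def login(username, password):
    """Server: check credentials and, on success, issue a Set-Cookie header."""
    if USERS.get(username) != password:
        return 401, {}
    sid = secrets.token_urlsafe(32)      # unguessable, unlike the "12345" placeholder
    SESSIONS[sid] = username             # the server-side half of the cookie
    cookie = SimpleCookie()
    cookie["session-id"] = sid
    cookie["session-id"]["path"] = "/"
    cookie["session-id"]["httponly"] = True   # not readable from page scripts
    cookie["session-id"]["secure"] = True     # only sent over HTTPS
    cookie["session-id"]["samesite"] = "Lax"  # withheld on most cross-site requests
    return 200, {"Set-Cookie": cookie["session-id"].OutputString()}

def browser_cookie_header(set_cookie_value):
    """Browser: send back only name=value pairs, never the attributes."""
    jar = SimpleCookie(set_cookie_value)
    return "; ".join(f"{name}={morsel.value}" for name, morsel in jar.items())

def orders_page(request_headers):
    """Server: recognise the user from the Cookie header, if there is one."""
    jar = SimpleCookie(request_headers.get("Cookie", ""))
    morsel = jar.get("session-id")
    user = SESSIONS.get(morsel.value) if morsel else None
    if user is None:
        return 401, "Who are you? Please log in."   # scenario 1: no state
    return 200, f"Order history for {user}"         # scenario 2: remembered

if __name__ == "__main__":
    status, headers = login("nainshree", "correct-horse")
    print(status, headers)
    print(orders_page({}))                           # request without a cookie
    cookie_header = browser_cookie_header(headers["Set-Cookie"])
    print(orders_page({"Cookie": cookie_header}))    # request with the cookie
```

A guessed value such as `session-id=12345` is rejected because it matches no entry in the server-side store.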

Definition:
Cookies are small text files, holding small pieces of information, that the browser stores on the user’s device at the server’s request. They fulfill several functions, including remembering user preferences, improving website speed, and monitoring user activity for analytical purposes. Cookies give websites the ability to identify visitors, save user data, and provide a customized browsing experience. They may be open to attacks that steal or alter cookie data, like cross-site scripting (XSS) and cross-site request forgery (CSRF). (We will discuss this topic in detail in another post.)

Two types of Cookies:

First-Party Cookie (Amazon user credentials) and Third-Party Cookie (ads on the Amazon page). The advertisements displayed on the webpage are provided by a different server (say ADS.com). ADS.com can set a cookie for Nainshree, and that cookie is referred to as a third-party cookie. Businesses use several methods to monitor customers’ web presence, and third-party cookies are one of them. A first-party cookie lets a website function smoothly, whereas a third-party cookie is used for tracking purposes.
