What Exactly Are HTTP Cookies?
We all have the nasty experience of facing prompts asking us to accept cookies when we visit some of the websites. Why are they asking our consent? What exactly are cookies? And why it is a big deal? Well, these are the questions you will find answers to after reading this article.
HTTP Cookie is basically a small piece of data, that servers send to our browser and our browsers save them. Then whenever you make subsequent requests to the same server, these cookie information are being passed out to the server by our browser to make the request more personalised since HTTP is stateless. Cookies gives a statefulness to boring and stateless HTTP protocol.
There are few purposes to cookies:
1. Session management.
Here’s what I mean. In many of the online retail sites nowadays, you can add items to the cart without logging in or creating an account. If you leave the site and come back again, you can still see your shopping cart information. These details are obviously not coming from the database(you’re not even logged in). So what exactly is happening in there? Well, those information are temporarily saved in the server with the help of sessions. Cookies makes this process possible.
2. Personalization.
Sometimes we visit websites and we pick dark theme as our preference. And then you close the tabs and forget all about it. Then again after weeks, you may again visit the same website to find the preferences you selected are still being honoured and website is in dark mode. Well, this is a small illustration as to what cookies are capable of doing. Say we made a preference. Then what server does is, it passes out cookies containing our preference. Then our browser stores it and when you decide to pay a visit again to the same website, it appends your preferences along with the request.
3. Tracking.
This is where all the legislature gets involved because there are privacy concerns regarding user’s data. Since cookies contain data related user’s interests, locations etc, they can be used for tracking or analysing. This is not rightful, so that’s why modern websites ask for our consent before doing anything with cookies. That’s what we’re being prompted when we visit websites.
Creating Cookies with Express.
Consider the following code snippet:
After you visit, http://localhost:3000/setname once, a cookie will be sent from server with ‘name’ set to ‘kitty’ and will be stored in your browser. You can view cookie in Chrome Developer tools under applications tab.
After the initial request to ‘/setname’, every other request to http://localhost:3000/ will have the cookie pre-defined, and will be sent again and again with every request. This can potentially slow down the performance.
Using Cookies with Express.
Unfortunately you cannot directly access cookies from req object in express. You have to install cookie-parser in-order to access whatever data that’s been stored in cookies.
Consider the following example of using cookie-parser to parse cookie information.
Requests to http://localhost:3000/greet will send a response of a greeting with the name stored in cookie. After installing cookie-parser, name is extracted and it’s used to craft the response.
That was a quick into into HTTP cookies. See you next time! Happy Coding!
