- A cookie is a small amount of data that is stored either in a text file on the client file system or in memory in the client browser session.
- It contains site-specific information that the server sends to the client along with page output.
- Cookies can be temporary (with specific expiration times and dates) or persistent.
- The cookies are saved on the client device, and when the browser requests a page, the client sends the information in the cookie along with the request information.
- The server can read the cookie and extract its value.
- A typical use is to store a token (perhaps encrypted) indicating that the user has already authenticated in your application.
Points to Remember
Some features of cookies are:
- Store information temporarily
- It is just a simple, small text file
- Can change depending on requirements
- User Preferred
- Requires only a few bytes or KBs of space for creating cookies
A cookie that has an expiration date is called a persistent cookie. This type of cookie ends when its expiration date is reached. For this cookie, we set an expiration date.
Non-persistent cookies are not stored on the client's hard drive permanently. They maintain user information only as long as the user accesses or uses the services. This is simply the opposite of a persistent cookie.
Advantages of using cookies
- Configurable expiration rules: The cookie can expire when the browser session ends, or it can exist indefinitely on the client computer, subject to the expiration rules on the client.
- No server resources are required: The cookie is stored on the client and read by the server after a post.
- Simplicity: The cookie is a lightweight, text-based structure with simple key-value pairs.
- Data persistence: Although the durability of the cookie on a client computer is subject to cookie expiration processes on the client and user intervention, cookies are generally the most durable form of data persistence on the client.
Disadvantages of using cookies
- Size limitations: Most browsers place a 4096-byte limit on the size of a cookie, although support for 8192-byte cookies is becoming more common in newer browser and client device versions.
- User-configured refusal: Some users disable their browser or client device’s ability to receive cookies, thereby limiting this functionality.
- Potential security risks: Cookies are subject to tampering. Users can manipulate cookies on their computer, which can potentially cause a security risk or cause the application that depends on the cookie to fail. Also, although cookies are only accessible by the domain that sent them to the client, hackers have historically found ways to access cookies from other domains on a user's computer. You can manually encrypt and decrypt cookies, but it requires extra coding and can affect application performance because of the time required for encryption and decryption.
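The tampering risk above, and the authentication token mentioned earlier, can be handled on the server as in this added example (not code from the original page). It uses an HMAC tag for tamper detection rather than the encryption the page mentions, so the value stays readable but cannot be edited unnoticed; the cookie name `auth`, the key and the function names are assumptions.

```python
import base64
import hashlib
import hmac
import time
from http.cookies import CookieError, SimpleCookie

SECRET_KEY = b"constructed-demo-key"  # assumption: a secret held only by the server

def _b64(data):
    return base64.urlsafe_b64encode(data).decode().rstrip("=")

def _sign(payload):
    return _b64(hmac.new(SECRET_KEY, payload, hashlib.sha256).digest())

def issue_cookie(user, ttl, now=None, persistent=True):
    """Build a Set-Cookie value holding 'user|expiry' plus an HMAC tag."""
    now = int(time.time()) if now is None else now
    payload = f"{user}|{now + ttl}".encode()
    jar = SimpleCookie()
    jar["auth"] = _b64(payload) + "." + _sign(payload)
    if persistent:                      # expiration set: persistent cookie
        jar["auth"]["max-age"] = ttl    # omitted: cookie ends with the browser session
    jar["auth"]["httponly"] = True      # hidden from page scripts
    jar["auth"]["secure"] = True        # sent over HTTPS only
    jar["auth"]["samesite"] = "Lax"
    jar["auth"]["path"] = "/"
    return jar["auth"].OutputString()

def verify_cookie(cookie_header, now=None):
    """Return the user name for an authentic, unexpired token, else None."""
    now = int(time.time()) if now is None else now
    try:
        jar = SimpleCookie()
        jar.load(cookie_header)
        b64, tag = jar["auth"].value.split(".", 1)
        payload = base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))
        # Check the tag before trusting any field the client could have edited.
        if not hmac.compare_digest(tag.encode(), _sign(payload).encode()):
            return None
        user, expires = payload.decode().rsplit("|", 1)
        return user if now < int(expires) else None
    except (CookieError, KeyError, ValueError):
        return None
```

The expiry is checked from the signed payload, so the server's limit holds even if the client keeps or edits the cookie beyond its `Max-Age`.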