Cookies and Session

Deepak Sharma
3 min read · May 12, 2020

Cookies

According to Wikipedia:

An HTTP cookie (also called web cookie, Internet cookie, browser cookie, or simply cookie) is a small piece of data sent from a website and stored on the user’s computer by the user’s web browser while the user is browsing. Cookies were designed to be a reliable mechanism for websites to remember stateful information (such as items added in the shopping cart in an online store) or to record the user’s browsing activity (including clicking particular buttons, logging in, or recording which pages were visited in the past). They can also be used to remember arbitrary pieces of information that the user previously entered into form fields such as names, addresses, passwords, and credit-card numbers.

In simple terms, a cookie is a small piece of text stored on a user’s computer by their browser. When the user visits a website, the website sends the cookie to their computer, and the computer stores it in a file located inside the web browser.

  • Common uses for cookies are authentication, storing site preferences, shopping cart items, and server session identification.
  • Because the cookie is stored on the user’s computer, it does not require any server space no matter how many users you have.
  • Cookies provide a way for temporary memory to “improve user experience.”
  • Each time the user’s web browser interacts with a web server, it passes the cookie information to the web server. Only the cookies stored by the browser that relate to the domain in the requested URL are sent to the server.
  • There is a limit to the number of cookies per domain. The number differs per browser; however, the generally used limit is twenty cookies. This is to prevent a single domain from hogging the disk space of the client.
  • There is a limit to the total number of cookies on the client’s hard drive. This number also differs per browser but is usually limited to around three hundred cookies. When this number is exceeded, an older cookie is deleted before a new one is created.
  • Cookies have an expiration date. This date is set so the browser can delete old cookies when they are no longer needed by the web server. If the expiration date is empty, the cookie will be deleted when the connection with the server is closed. This occurs when the site’s window or tab is closed by the user, or when the user closes the entire browser. These cookies, sometimes called session cookies, are mostly used for storing temporary settings.
  • Cookies can store only the “string” data type.

In Express, we use cookie-parser to send and receive cookies from the web browser.

```js
var express = require('express');
var cookieParser = require('cookie-parser');

var app = express();

// Register cookie-parser as middleware, so that each request has access to the cookies from the browser.
app.use(cookieParser());
```

Once we have cookie-parser in place, we can create a custom cookie.

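```js
app.use((req, res, next) => {
  // This creates a cookie named username in the browser with the value 'xyz'.
  res.cookie('username', 'xyz');
  // Hand the request on to the next handler; without this call the request never completes.
  next();
});
```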

Cookies stored in the browser are a sort of lookup table of key-value pairs.

We can access cookies on the server-side using **req.cookies**.

How cookies look in Chrome Developer Tools

Session

A session can be defined as server-side storage of information that is desired to persist throughout the user’s interaction with the website or web application.

Instead of storing large and constantly changing information via cookies in the user’s browser, only a unique identifier (called a “session id”) is stored on the client side. This session id is passed to the web server every time the browser makes an HTTP request. The web application pairs the session id with its internal database and retrieves the stored variables for use by the requested page.

Sessions have no such storage limit, and a session can hold multiple variables. Since they are not easily accessible, they are more secure than cookies.
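The session mechanism described above, as an added example that is not part of the original post: the browser holds only a random identifier in a cookie, and the server maps that identifier to the stored variables. It uses only Node's built-in `crypto` module; the names `sessions`, `sid`, `createSession`, `loadSession` and `destroySession` are illustrative assumptions, and the in-memory `Map` stands in for the "internal database".

```javascript
const crypto = require('node:crypto');

// Server-side store: session id -> stored variables (in-memory, for illustration only).
const sessions = new Map();

// Parse a Cookie request header ("a=1; b=2") into a key-value lookup table.
function parseCookies(header) {
  const out = Object.create(null); // no prototype, so odd cookie names cannot clash
  for (const part of (header || '').split(';')) {
    const i = part.indexOf('=');
    if (i < 0) continue; // skip fragments that are not name=value
    out[part.slice(0, i).trim()] = part.slice(i + 1).trim();
  }
  return out;
}

// Create a session: the data stays on the server, only a random id goes to the browser.
function createSession(data) {
  const sid = crypto.randomBytes(32).toString('hex'); // unguessable 64-character id
  sessions.set(sid, { ...data });
  // HttpOnly: not readable by page scripts. Secure: sent over HTTPS only.
  // SameSite=Lax: not attached to most cross-site requests.
  const setCookie = `sid=${sid}; Path=/; HttpOnly; Secure; SameSite=Lax`;
  return { sid, setCookie };
}

// Resolve the session for an incoming request from its Cookie header.
function loadSession(cookieHeader) {
  const sid = parseCookies(cookieHeader).sid;
  // An unknown or missing id yields no session; ids are only ever issued by the server.
  return sid && sessions.has(sid) ? sessions.get(sid) : null;
}

// Log out: delete the server-side record so the id in the browser becomes useless.
function destroySession(cookieHeader) {
  const sid = parseCookies(cookieHeader).sid;
  return sid ? sessions.delete(sid) : false;
}

// Constructed demo: a login response followed by a later request from the same browser.
const demo = createSession({ username: 'xyz', cart: ['book'] });
console.log('Set-Cookie:', demo.setCookie);
console.log('Loaded:', loadSession(`theme=dark; sid=${demo.sid}`));
```

The `Set-Cookie` value never contains `username` or `cart`; anyone inspecting the browser's cookie jar sees only the identifier.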

Thank You
