# Cookie

A cookie, a kind of "small text file," is data (usually encrypted) that some websites store on the user's client side in order to identify the user.

Interactive web applications are severely hampered by the fact that HTTP is stateless, meaning that the server does not know what the user did last time. In a typical online shopping scenario, a user browses a few pages and buys a box of cookies and two drinks. At checkout, because HTTP is stateless, the server does not know what the user has bought unless some additional mechanism is used. Cookies are one of the "extra means" used to work around HTTP statelessness. The server can set or read the information contained in cookies to maintain the state of the user's session with the server.

In the shopping scenario above, when the user chooses the first item, the server sends the user a web page along with a cookie that records information about that item. When the user visits another page, the browser sends the cookie back to the server, so the server knows what the user selected earlier. The user continues on to buy drinks, and the server adds the new product information to the original cookie. At checkout, the server reads the cookies it is sent.
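The shopping exchange described above, as an added example that is not part of the original page. It goes one step beyond the text by attaching an HMAC signature, so the server can detect a cart cookie that was modified on the client. The cookie name `cart`, the key `SECRET_KEY`, the `hex.signature` value format and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import json
from http.cookies import SimpleCookie

SECRET_KEY = b"constructed-demo-key"  # assumption: server-side secret, never sent to the client

def _sign(payload: str) -> str:
    """HMAC-SHA256 over the encoded cart, hex-encoded."""
    return hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).hexdigest()

def set_cart_cookie(items):
    """Server: build the Set-Cookie header value that carries the cart."""
    payload = json.dumps(items).encode().hex()
    cookie = SimpleCookie()
    cookie["cart"] = f"{payload}.{_sign(payload)}"
    cookie["cart"]["path"] = "/"
    cookie["cart"]["httponly"] = True    # not readable from page scripts
    cookie["cart"]["secure"] = True      # only sent over HTTPS
    cookie["cart"]["samesite"] = "Lax"
    return cookie["cart"].OutputString()

def read_cart_cookie(cookie_header):
    """Server: parse the Cookie request header; [] if absent or tampered."""
    cookie = SimpleCookie()
    cookie.load(cookie_header)
    if "cart" not in cookie:
        return []
    payload, _, sig = cookie["cart"].value.rpartition(".")
    if not hmac.compare_digest(sig.encode(), _sign(payload).encode()):
        return []                        # signature mismatch: discard the cart
    return json.loads(bytes.fromhex(payload))

def browser_cookie_header(set_cookie_value):
    """Browser: only name=value is sent back, attributes are not."""
    return set_cookie_value.split(";", 1)[0]

def add_item(cookie_header, item):
    """One request/response round: read the cart, add an item, reissue the cookie."""
    items = read_cart_cookie(cookie_header)
    items.append(item)
    return set_cart_cookie(items)

if __name__ == "__main__":
    first = add_item("", "box of cookies")                      # first item chosen
    second = add_item(browser_cookie_header(first), "drink")    # next page visit
    print(second)
    print(read_cart_cookie(browser_cookie_header(second)))      # at checkout
```
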

Another typical use of cookies is automatic login. When logging in to a website, the user is often asked for a username and password and can check a box labeled "Automatic login next time." If the box is checked, the next time the user visits the same site, they will find that they are already logged in without entering their username and password. This is because, on the previous login, the server sent a cookie containing login credentials (some encrypted form of username plus password), which was stored on the user's hard drive. On the second login, if the cookie has not expired, the browser sends the cookie, and the server validates the credentials and lets the user log in without having to enter a username and password.