What is a cookie?
Practically, a cookie is a small text file sent by the web server and saved by the web browser on the client machine. A cookie is a small piece of text stored on the user's computer in the form of a name-value pair. We use cookies to store small pieces of information on the client's computer. A common use of cookies is to remember users between visits.
Cookies are used by websites to keep track of visitors, e.g. to keep user information like the username. If a web application uses cookies, the server sends the cookies and the client browser stores them. The browser then returns the cookie to the server the next time the page is requested. The most common examples of using a cookie are to store user information, user preferences, a "remember password" option, etc.
Here are a few facts to know about cookies:
· Cookies are domain specific, i.e. a domain cannot read or write a cookie created by another domain. The browser enforces this for security purposes.
· Cookies are browser specific. Each browser stores its cookies in a different location, so a cookie created in one browser (e.g. Google Chrome) cannot be accessed by another browser (Internet Explorer/Firefox).
· Most browsers store cookies in text files in clear text. So it's not secure at all and no sensitive information should be stored in cookies.
· Most browsers restrict the length of the text stored in a cookie. It is 4096 bytes (4 KB) in general but could vary from browser to browser.
· Some browsers limit the number of cookies stored by each domain (20 cookies). If the limit is exceeded, the new cookies will replace the old cookies.
· Cookies can be disabled by the user through the browser properties. So unless you have control over the cookie settings of the users (e.g. an intranet application), cookies should not be used.
· Cookie names are case-sensitive. E.g. UserName is different from username.
Advantages of using cookies
· Cookies are simple to use and implement.
· They occupy little memory, do not require any server resources, and are stored on the user's computer, so they put no extra burden on the server.
· We can configure cookies to expire when the browser session ends (session cookies), or they can exist for a specified length of time on the client's computer (persistent cookies).
· Cookies persist for a much longer period of time than Session state.
· Cookies are very useful if we want to store a small value.
Disadvantages of using cookies
· As mentioned previously, cookies are not secure: because they are stored in clear text, they may pose a security risk, as anyone can open and tamper with them. You can manually encrypt and decrypt cookies, but it requires extra coding and can affect application performance because of the time required for encryption and decryption.
· Several limitations exist on the size of the cookie text (4 KB in general), the number of cookies (20 per site in general), etc.
· The user has the option of disabling cookies on his computer from the browser's settings.
· Cookies will not work if the security level is set to high in the browser.
· Users can delete cookies.
· The user's browser can refuse cookies, so your code has to anticipate that possibility.
· Complex types of data are not allowed (e.g. dataset). A cookie allows only plain text (i.e. only string content).
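The tampering, size-limit and string-only points above can be handled on the server side. The following Python sketch is an added example, not code from the original post: it serializes a value to a string, signs it with an HMAC so that client-side edits are detected (signing, not encryption, so the value is still readable by the user), and rejects cookies over 4096 bytes. The key, the cookie name `prefs` and all function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json
from http.cookies import SimpleCookie

SECRET_KEY = b"constructed-demo-key"   # assumption: a server-side secret, never sent to the client
MAX_COOKIE_BYTES = 4096                # general per-cookie limit cited above

def encode_payload(data):
    """Cookies hold only strings: JSON-encode, then base64url without '=' padding."""
    raw = json.dumps(data, sort_keys=True).encode()
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")

def sign(name, payload):
    """HMAC over name and payload, so a signature cannot be moved to another cookie."""
    return hmac.new(SECRET_KEY, f"{name}={payload}".encode(), hashlib.sha256).hexdigest()

def make_set_cookie(name, data):
    """Return the Set-Cookie header value for a signed cookie."""
    payload = encode_payload(data)
    cookie = SimpleCookie()
    cookie[name] = f"{payload}.{sign(name, payload)}"
    cookie[name]["path"] = "/"
    cookie[name]["httponly"] = True    # not readable from page scripts
    cookie[name]["secure"] = True      # only sent over HTTPS
    cookie[name]["samesite"] = "Lax"
    header = cookie[name].OutputString()
    if len(header.encode()) > MAX_COOKIE_BYTES:
        raise ValueError("cookie exceeds 4096 bytes; keep large data on the server")
    return header

def read_cookie(cookie_header, name):
    """Return the stored data, or None if the cookie is missing or was modified."""
    jar = SimpleCookie()
    jar.load(cookie_header)
    if name not in jar:                # user disabled, refused or deleted cookies
        return None
    payload, _, sig = jar[name].value.rpartition(".")
    if not hmac.compare_digest(sig.encode(), sign(name, payload).encode()):
        return None                    # value was edited on the client
    padded = payload + "=" * (-len(payload) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

if __name__ == "__main__":
    header = make_set_cookie("prefs", {"theme": "dark"})   # constructed sample value
    print("Set-Cookie:", header)
    print("Round trip:", read_cookie(header.split(";")[0], "prefs"))
```

A `None` result from `read_cookie` covers both a tampered value and a browser that never returned the cookie, so the caller should fall back to defaults in either case.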