There is no magic:
They often use HTTP Cookies (RFC 6256) to do this.
Process:
Browser sends a request:
GET /index.html HTTP/1.1 Host: www.ischool.berkeley.edu
Server replies with one-or-more cookie headers:
HTTP/1.0 200 OK Content-type: text/html Set-Cookie: cat=leo Set-Cookie: dog=hudson; Expires=Wed, 03 Jun 2014 10:30:00 PST
Browser sends cookies back with every request:
GET /index.html HTTP/1.1 Host: www.ischool.berkeley.edu Cookie: cat=leo Cookie: dog=hudson
[discussion] How does the browser decide which cookies to send?
session— clears cookies without an expiry when the browser is closed (unless you use Chrome)
expiry— only sends the cookie if the current date is before the expiration.
Only works for www.example.com/cats/
:
Set-Cookie: cat=leo; Path=/cats
[discussion] What domain is associated with the cookie?
Works with docs.example.com
, www.example.com
, example.com
, etc. :
Set-Cookie: cat=leo; Domain=.example.com; Path=/
[discussion] Why is the path necessary?