(not the kind you eat)

R. Alexander Miłowski

School of Information, UC Berkeley

How does that site know?

There is no magic:

They often use HTTP Cookies (RFC 6256) to do this.

Anatomy of a Cookie


  1. Browser sends a request:

    GET /index.html HTTP/1.1
  2. Server replies with one-or-more cookie headers:

    HTTP/1.0 200 OK
    Content-type: text/html
    Set-Cookie: cat=leo
    Set-Cookie: dog=hudson; Expires=Wed, 03 Jun 2014 10:30:00 PST
  3. Browser sends cookies back with every request:

    GET /index.html HTTP/1.1
    Cookie: cat=leo
    Cookie: dog=hudson

[discussion] How does the browser decide which cookies to send?


Controlling Paths

Only works for

Set-Cookie: cat=leo; Path=/cats            

[discussion] What domain is associated with the cookie?

Controlling Domains

Works with,,, etc. :

Set-Cookie: cat=leo;; Path=/           

[discussion] Why is the path necessary?