What is cookie?
A cookie is a small piece of text file stored on user's computer in the form of name-value pair. Cookies are used by websites to keep track of visitors e.g. to keep user information like username etc. If any web application using cookies, Server send cookies and client browser will store it. The browser then returns the cookie to the server at the next time the page is requested. The most common example of using a cookie is to store User information, User preferences, Password Remember Option etc.It is also one of the common and mostly asked interview questions.
Some facts about Cookie
Here are a few facts to know about cookies:
· Cookies are domain specific i.e. a domain cannot read or write to a cookie created by another domain. This is done by the browser for security purpose.
· Cookies are browser specific. Each browser stores the cookies in a different location. The cookies are browser specific and so a cookie created in one browser(e.g in Google Chrome) will not be accessed by another browser(Internet Explorer/Firefox).
· Most of the browsers store cookies in text files in clear text. So it’s not secure at all and no sensitive information should be stored in cookies.
· Most of the browsers have restrictions on the length of the text stored in cookies. It is 4096(4kb) in general but could vary from browser to browser.
· Some browsers limit the number of cookies stored by each domain(20 cookies). If the limit is exceeded, the new cookies will replace the old cookies.
· Cookies can be disabled by the user using the browser properties. So unless you have control over the cookie settings of the users (for e.g. intranet application), cookies should not be used.
· Cookie names are case-sensitive. E.g. UserName is different than username.
· Cookies are browser specific. Each browser stores the cookies in a different location. The cookies are browser specific and so a cookie created in one browser(e.g in Google Chrome) will not be accessed by another browser(Internet Explorer/Firefox).
· Most of the browsers store cookies in text files in clear text. So it’s not secure at all and no sensitive information should be stored in cookies.
· Most of the browsers have restrictions on the length of the text stored in cookies. It is 4096(4kb) in general but could vary from browser to browser.
· Some browsers limit the number of cookies stored by each domain(20 cookies). If the limit is exceeded, the new cookies will replace the old cookies.
· Cookies can be disabled by the user using the browser properties. So unless you have control over the cookie settings of the users (for e.g. intranet application), cookies should not be used.
· Cookie names are case-sensitive. E.g. UserName is different than username.
Advantages of using cookies
Here are some of the advantages of using cookies to store session state.
· Cookies are simple to use and implement.
· Occupies less memory, do not require any server resources and are stored on the user's computer so no extra burden on server.
· We can configure cookies to expire when the browser session ends (session cookies) or they can exist for a specified length of time on the client’s computer (persistent cookies).
· Cookies persist a much longer period of time than Session state.
· Cookies are simple to use and implement.
· Occupies less memory, do not require any server resources and are stored on the user's computer so no extra burden on server.
· We can configure cookies to expire when the browser session ends (session cookies) or they can exist for a specified length of time on the client’s computer (persistent cookies).
· Cookies persist a much longer period of time than Session state.
Disadvantages of using cookies
Here are some of the disadvantages:
· As mentioned previously, cookies are not secure as they are stored in clear text they may pose a possible security risk as anyone can open and tamper with cookies. You can manually encrypt and decrypt cookies, but it requires extra coding and can affect application performance because of the time that is required for encryption and decryption
· Several limitations exist on the size of the cookie text(4kb in general), number of cookies(20 per site in general), etc.
· User has the option of disabling cookies on his computer from browser’s setting .
· Cookies will not work if the security level is set to high in the browser.
· Users can delete a cookies.
· Users browser can refuse cookies,so your code has to anticipate that possibility.
· Complex type of data not allowed (e.g. dataset etc). It allows only plain text (i.e. cookie allows only string content)
· Several limitations exist on the size of the cookie text(4kb in general), number of cookies(20 per site in general), etc.
· User has the option of disabling cookies on his computer from browser’s setting .
· Cookies will not work if the security level is set to high in the browser.
· Users can delete a cookies.
· Users browser can refuse cookies,so your code has to anticipate that possibility.
· Complex type of data not allowed (e.g. dataset etc). It allows only plain text (i.e. cookie allows only string content)
Thanks for this blog its useful
ReplyDeleteGood content
ReplyDelete