Defining a website cookie comes down to understanding the fields, or components, that make up a cookie. These fields are the pieces of information a website uses to define and set a cookie on a user’s computer system.
Fields – Website Cookies Definition
Every cookie is identified by a name. To the server, a cookie name is like a field of a web form or a key in an associative array that holds information about the cookie. The server can access the value of a cookie by its name, just as it would look up a value by its key in an associative array.
A cookie defined with a name can be assigned a value, which the website uses to set up the user’s preferences. It can be compared with the value submitted by a field of a web form or the value stored against a key in an associative array.
Cookies set by a website must be removed from the user’s system after a specific duration, as they cannot stay there forever. This is called the expiry time of a cookie. The value assigned to the “expires” field determines when that happens: once the expiry time arrives, the cookie is automatically deleted from the user’s system. After that, if the user visits the same website, the server cannot access any value from the cookie. If you want the cookie to last only as long as the browser is running on the user’s system, the expires field must be set to zero or omitted when declaring the cookie. A cookie with an expires value of zero is automatically deleted when the user closes the browser.
The path field contains the path of the scripts that access the cookie, which tells the browser where to send the cookie when the website is accessed. It can be set to a specific path or not set at all. If the path field is not set, the cookie is sent to the current directory where the requesting script is stored in the website’s folder. To avoid unexpected errors, set this field to a valid path so that the correct scripts get the value from the cookie and take the correct action for a visitor.
The domain field is set to the system that has set the cookie on a user’s system. Any mistake in the domain name means the cookie will not be sent to the appropriate domain. A cookie set for a specific domain is accessible to all the sub-domains under the domain value specified in this field.
To prevent any possibility of insecure access, a cookie can be restricted so that it is sent only over a secure HTTP connection. If the secure field is set in the cookie definition, the cookie is sent only when the browser makes an https request. If secure is missing, the cookie is sent back with any kind of request made by the browser.
To make a cookie’s data accessible only to scripts running on the web server via HTTP, and not to scripts running in the browser, the HttpOnly field is to be set. This is done to reduce a web application’s exposure to cross-site scripting (XSS) threats.
So, a website cookie definition can be specified with the fields described above. In forthcoming posts we will discuss how these values are set for different needs of a website.
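The fields described above can be checked mechanically once a cookie is on the wire. The following is an added example, not code from this post: it parses a Set-Cookie header value and reports which fields are missing or broadly scoped. The function names, finding labels and both sample headers are constructed for illustration.

```python
# Added example: audit one Set-Cookie header value against the cookie fields.
# WEAK and HARDENED are constructed sample headers, not real traffic.
WEAK = "sessionid=abc123; Domain=example.com"
HARDENED = ("sessionid=abc123; Expires=Wed, 09 Jun 2027 10:18:14 GMT; "
            "Path=/account; Secure; HttpOnly")


def parse_set_cookie(header):
    """Split a Set-Cookie value into (name, value, attributes)."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        # Field names are case-insensitive; secure and httponly carry no value.
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def audit_cookie(header):
    """Return {finding: explanation} for one Set-Cookie header value."""
    _name, _value, attrs = parse_set_cookie(header)
    findings = {}
    if "secure" not in attrs:
        findings["missing-secure"] = "sent with any request, not only https"
    if "httponly" not in attrs:
        findings["missing-httponly"] = "readable by page scripts (XSS exposure)"
    # Max-Age is a second lifetime attribute that the text above does not cover.
    if "expires" not in attrs and "max-age" not in attrs:
        findings["session-only"] = "deleted when the browser is closed"
    if "domain" in attrs:
        findings["shared-with-subdomains"] = "sent to sub-domains of " + attrs["domain"]
    if "path" not in attrs:
        findings["default-path"] = "scoped to the requesting script's directory"
    return findings


if __name__ == "__main__":
    for label, header in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, header)
        for finding, why in audit_cookie(header).items():
            print("  ", finding, "-", why)
```

The session-only and default-path findings are informational; missing-secure and missing-httponly are the ones to fix on any cookie that carries a session identifier.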