Cookies
Origin Story
When you visit a website, it stores a small amount of data on your computer to identify that computer on later visits. This allows for a better user experience because the user's session can now be tracked.
How this works
Visit a website for the first time. The website sets a cookie.
General
Request URL: http://yahoo.com/
Request Method: GET
Response Headers:
Set-Cookie: B=2nmlb8hg3ovvo&b=3&s=24; expires=Tue, 01-Mar-2022 05:47:36 GMT; path=/; domain=.yahoo.com
Visit the same website again. The browser sends the cookie back, so the website now knows who you are.
General
Request URL: http://yahoo.com/
Request Method: GET
Request Headers:
cookie: B=2nmlb8hg3ovvo&b=3&s=24;...
Response Headers:
set-cookie: autorf=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=www.yahoo.com
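Added example, not part of the original article: a simplified JavaScript parser (loosely following RFC 6265) run over the two Set-Cookie headers above. It shows that the first header stores a cookie scoped to yahoo.com and all its subdomains, while the second deletes a cookie by expiring it on arrival. The function names and the NOW timestamp are assumptions made for the illustration.

```javascript
// Added example (not from the original page). Simplified from RFC 6265.
const MONTHS = ["jan","feb","mar","apr","may","jun","jul","aug","sep","oct","nov","dec"];

// Split a Set-Cookie header value into name, value and lower-cased attributes.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";").map((s) => s.trim()).filter(Boolean);
  const eq = pair.indexOf("="); // first "=" only: the value itself may contain "="
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs: {} };
  for (const part of rest) {
    const i = part.indexOf("=");
    const key = (i === -1 ? part : part.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : part.slice(i + 1);
  }
  return cookie;
}

// Parse dates such as "Tue, 01-Mar-2022 05:47:36 GMT" into epoch milliseconds.
function parseCookieDate(text) {
  const m = /(\d{1,2})[ -]([A-Za-z]{3})[ -](\d{4}) (\d{2}):(\d{2}):(\d{2})/.exec(text);
  const month = m ? MONTHS.indexOf(m[2].toLowerCase()) : -1;
  if (month === -1) return NaN; // unparseable date: treated as absent by isDeletion
  return Date.UTC(+m[3], month, +m[1], +m[4], +m[5], +m[6]);
}

// A cookie is a deletion when it is already expired on arrival.
// Max-Age takes precedence over Expires when both are present.
function isDeletion(cookie, nowMs) {
  if ("max-age" in cookie.attrs) return parseInt(cookie.attrs["max-age"], 10) <= 0;
  if ("expires" in cookie.attrs) return parseCookieDate(cookie.attrs.expires) <= nowMs;
  return false; // no lifetime attribute: a session cookie
}

// Would the browser send this cookie to `host`? A leading dot in Domain is ignored.
function domainMatches(host, cookieDomain) {
  const d = cookieDomain.replace(/^\./, "").toLowerCase();
  const h = host.toLowerCase();
  return h === d || h.endsWith("." + d);
}

// Header values copied from the exchange above; NOW is a constructed timestamp.
const NOW = Date.UTC(2021, 2, 1);
const first = parseSetCookie("B=2nmlb8hg3ovvo&b=3&s=24; expires=Tue, 01-Mar-2022 05:47:36 GMT; path=/; domain=.yahoo.com");
const second = parseSetCookie("autorf=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=www.yahoo.com");
console.log(first.name, isDeletion(first, NOW), domainMatches("mail.yahoo.com", first.attrs.domain));
console.log(second.name, isDeletion(second, NOW), domainMatches("mail.yahoo.com", second.attrs.domain));
```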
Controversy — Third Party Cookies
When you visit Yahoo.com, the page may include links or resources from other websites, e.g. advertisements. When a GET request is sent to those third-party websites, they too can set cookies and track the user.
Most browsers now have settings to block these third-party cookies.
One small note on Content Security Policy
The original website can also set a Content Security Policy to restrict which third-party sites its pages may load resources from. See https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP