HTTP Cookie

Cookie 的原理——生成和使用过程

Cookies are set using the HTTP Set-Cookie header, sent in an HTTP response. This header instructs the browser to store the cookie and send it back in future requests to the server (the browser will, of course, ignore this header if it does not support cookies or has disabled cookies).
1. The browser sends its first request to the homepage of the www.example.org website:

GET /index.html HTTP/1.1Host: www.example.org...

1. The server responds with two Set-Cookie headers:

HTTP/1.0 200 OKContent-type: text/htmlSet-Cookie: theme=lightSet-Cookie: sessionToken=abc123; Expires=Wed, 09 Jun 2021 10:18:14 GMT...

The server’s HTTP response instructs the browser to set two cookies. The first, “theme”, is considered to be a “session” cookie, since it does not have an Expires or Max-Age attribute. Session cookies are intended to be deleted by the browser when the browser closes. The second, “sessionToken” contains an “Expires” attribute, which instructs the browser to delete the cookie at a specific date and time.
3. Next, the browser sends another request to visit the spec.html page on the website. This request contains a Cookie header, which contains the two cookies that the server instructed the browser to set.

GET /spec.html HTTP/1.1Host: www.example.orgCookie: theme=light; sessionToken=abc123...

This way, the server knows that this request is related to the previous one. The server would answer by sending the requested page, and possibly adding other cookies as well using the Set-Cookie header.

The value of a cookie can be modified by the server by including a Set-Cookie header in response to a page request. The browser then replaces the old value with the new value.

References

HTTP cookie
腾讯云-产品文档-cookie原理说明