An HTTP cookie (web cookie, browser cookie) is a small piece of data that a server sends to the user's web browser. The browser may store it and send it back with the next request to the same server.
Typically, it's used to tell if two requests came from the same browser — keeping a user logged-in.
It remembers stateful information for the stateless HTTP protocol.
Cookie attributes
Domain and path
Set-Cookie: HSID=AYQEVn…DKrdst; Domain=.foo.com; Path=/; Expires=Wed, 13 Jan 2021 22:23:01 GMT; HttpOnly
Expires and Max-Age
The Expires
attribute defines a specific date and time for when the browser should delete the cookie.
the Max-Age
attribute can be used to set the cookie's expiration as an interval of seconds in the future.
Secure and HttpOnly
The Secure
and HttpOnly
attributes do not have associated values. Rather, the presence of just their attribute names indicates that their behaviors should be enabled.
Server -> Client : set-cookie field
The Set-Cookie HTTP response header sends cookies from the server to the user agent. A simple cookie is set like this:
Set-Cookie: <cookie-name>=<cookie-value>
Set-Cookie: id=a3fWa; Expires=Wed, 21 Oct 2018 07:28:00 GMT;
Client -> Server: Cookie field
Cookie: name=value; name2=value2; name3=value3
Solution for client browser disabled cookies
1.URL rewrite
2.Form submit rewrite.