0% found this document useful (0 votes)
264 views16 pages

Cookies and Sessions

Cookies and sessions both allow servers to maintain stateful interactions with users across multiple requests. Cookies store small pieces of data on the user's browser, while sessions store data on the server. Cookies are primarily used for personalization and tracking browsing activities, while sessions are used to maintain a consistent user experience by storing information like login status and shopping cart contents over a website visit. Both have advantages and limitations related to storage location, data capacity, security, and handling user experience across devices.

Uploaded by

Uzair Ahmad
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
264 views16 pages

Cookies and Sessions

Cookies and sessions both allow servers to maintain stateful interactions with users across multiple requests. Cookies store small pieces of data on the user's browser, while sessions store data on the server. Cookies are primarily used for personalization and tracking browsing activities, while sessions are used to maintain a consistent user experience by storing information like login status and shopping cart contents over a website visit. Both have advantages and limitations related to storage location, data capacity, security, and handling user experience across devices.

Uploaded by

Uzair Ahmad
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 16

Cookies and

Sessions in Web
Engineering
UNDERSTANDING THE FUNDAMENTALS, APPLICATIONS AND BEST
PRACTICES
What are Cookies?

 Basic Definition:
• Web Cookies, also known simply as cookies, are small pieces of data
sent from a website and stored on a user's web browser while the user is
browsing that website.
• Each time the user loads the website, the browser sends the cookie back
to the server to notify the website of the user's previous activity.

 Primary Function:
• Cookies are primarily used for session tracking, personalization, and
storing information about users' browsing activities.
Types of Cookies
 Session Cookies:
• Definition: These are temporary cookies that are deleted once you close
your browser.
• Use Case: Commonly used to keep track of your actions during a
browsing session, like remembering items in a shopping cart.

 Persistent Cookies:
• Definition: These cookies remain on your device for a set period specified
in the cookie even after the browser is closed.
• Use Case: Used for remembering login information, preferences, and
other customization functions for repeated visits.
Types of Cookies
 Secure Cookies:
• Definition: These cookies can only be transmitted over secure, encrypted
connections (HTTPS).
• Use Case: Typically used for security purposes to authenticate users and
prevent fraudulent use of login credentials.

 HttpOnly Cookies:
• Definition: These cookies cannot be accessed by client-side scripts and
are used mainly for protecting against cross-site scripting (XSS) attacks.
• Use Case: Often used in conjunction with secure cookies for security in
web applications.
How cookies work?
 Cookie Creation and Transmission:
• Cookies are created when a server sends a ‘set-cookie’ header in response to
a browser request. The browser then stores this cookie and sends it back
to the server with subsequent requests to the same domain.

 Role in HTTP:
• HTTP is stateless; cookies help maintain state across sessions by storing user
data like preferences and login status.

 Lifecycle:
• Involves creation, storage, transmission with requests, and eventual expiration
or deletion.
Uses of Cookies
 User Authentication:
• Cookies are crucial in managing login sessions. When a user logs in, the
server creates a session ID stored in a cookie, which is used for maintaining
the session across different pages.
 Shopping Carts:
• E-commerce sites use cookies to keep track of items users have added to their
shopping carts as they navigate through the site, ensuring a seamless
shopping experience.
 Tracking and Analytics:
• Cookies help in tracking user behavior on a website, providing valuable
insights for analytics. This data is used to understand user interactions,
improve website functionality, and measure the effectiveness of advertising
campaigns.
Example

var express = require('express')


var cookieParser = require('cookie-parser')

var app = express()


app.use(cookieParser())

app.get('/', function (req, res) {console.log('Cookies: ', req.cookies)


console.log('Signed Cookies: ', req.signedCookies)
})

app.listen(8080)
Limitations of Cookies
 Size Restrictions:
• Cookies are limited in size, typically up to 4KB. This restricts the amount of
information that can be stored, making them unsuitable for large data storage.
 Security Concerns:
• Cookies can be vulnerable to theft and manipulation. If not secured properly
(e.g., with Secure and HttpOnly flags), they can be exploited for cross-site
scripting (XSS) and cross-site request forgery (CSRF) attacks.
 Dependency on Client-Side Storage:
• Cookies rely on the user's browser for storage. If a user switches devices or
browsers, the stored information is not transferred, leading to a lack of
continuity.
 Performance Impact:
• Each HTTP request includes cookies, which can increase the load time,
especially if there are numerous or large cookies.
What are Sessions?

 Basic Definition:
• A Session in web development refers to a period of interaction between a
user’s browser and a web server. It's used to store information about the
user across multiple HTTP requests.

 Function and Purpose:


• Unlike cookies, which are stored on the user’s browser, session data is
typically stored on the server side.
• Sessions are used to maintain a consistent user experience, holding
information such as user preferences, login status, and shopping cart
contents over the course of a browser session.
Types of Sessions

 User Sessions:
• Definition: Sessions that track individual user activities and preferences
throughout a website visit.
• Use Case: Common in e-commerce for tracking items in a shopping cart or
user login status.

 Database-Backed Sessions:
• Definition: Sessions where session data is stored in a database, offering
better security and scalability.
• Use Case: Ideal for applications with a large number of users or when session
data needs to be preserved over a long period.
Types of Sessions
 Cookie-Based Sessions:
• Definition: Sessions that store all session data within a cookie on the user’s
browser.
• Use Case: Suitable for smaller amounts of data and when ease of scalability is
a priority.

 API Sessions:
• Definition: Sessions created for each API call, particularly in service-oriented
architectures.
• Use Case: Used in applications that interact with various APIs, where each call
needs to be authenticated and tracked.
How Sessions Work
 Initiation of a Session:
• A session starts when a user first requests a page from a web application. The
server generates a unique session identifier (session ID) for this interaction.
 Storing Session ID:
• The session ID is typically stored in a cookie on the user’s browser, although it can
also be passed via the URL or hidden form fields in situations where cookies are
disabled.
 Session ID Transmission:
• With each subsequent HTTP request from the user’s browser, the session ID is
sent back to the server, either through a cookie, URL, or hidden form fields.
 Retrieving Session Data:
• Upon receiving the session ID, the server retrieves the corresponding session data
from its store, allowing the application to maintain a continuous user experience
across multiple requests.
 Session Expiration:
• Sessions are configured to expire after a certain period of inactivity or when the
browser is closed, ensuring that session data does not persist indefinitely for
security reasons.
Uses of Sessions
1. User Authentication:
• Sessions are crucial for maintaining user authentication status. After a user
logs in, the session stores the authentication status, allowing the user to
navigate through secured areas of a website without needing to log in
repeatedly.
2. Shopping Cart Functionality:
• E-commerce websites use sessions to track items a user has added to their
shopping cart. This allows the cart to persist as the user continues shopping,
even across different pages.
3. Access Control and Security:
• Sessions help in managing access to restricted resources on a website. They
ensure that only authenticated users can access certain pages or
functionalities.
4. Analytical Tracking:
• Sessions are used to track user behavior within a website for analytical
purposes, helping in understanding user navigation patterns and preferences
for website optimization.
Example

var express = require('express’);


var session = require('express-session');
var app = express();
app.get('/', function(req, res){
if(req.session.page_views){
req.session.page_views++;
res.send("You visited this page " + req.session.page_views + " times");
} else {
req.session.page_views = 1;
res.send("Welcome to this page for the first time!");
}
});
app.listen(3000);
Limitations of Sessions
 Server Resource Consumption:
• Sessions typically store data on the server, which can consume significant server
memory, especially with a large number of concurrent users. This can impact server
performance and scalability.
 Session Expiration Management:
• Managing session expiration can be challenging. If session duration is too short,
users may be inconvenienced. If too long, it poses a security risk, especially for
inactive sessions.
 Dependency on Cookies:
• While not always, sessions often rely on cookies to store the session ID on the
client side. Users disabling cookies can disrupt the session mechanism, leading to
a degraded user experience.
 Cross-Device Limitations:
• Sessions are typically bound to the user’s browser. If the user switches devices or
browsers, the session does not persist, leading to a discontinuous experience.
Cookies vs Sessions:

You might also like