#cookies nom nom reading this and this and other stuff
###why use cookies
- HTTP is stateless, which means it has no way to keep track of a user's previous activities. so cookies help create state
##diff kinds of cookies
- session
- persistent
- secure
- httponly
- third-party
- supercookie
- zombie
##more about cookies
- a piece of data sent from a website, stored locally in browser
- one cookie can only store up to 4KB of data
- max of 20 cookies/server or domain allowed
- cookies are sent to server with each HTTP req
- browser returns most specific path or domain first, followed by less specific cookie matches
- EU has their own set of cookie rules
###how to make cookies
- they're really just `key: value` pairs and look like this (order matters!): `key-value; expiration_date; path; domain;`
- can optionally have an expiration date, after which it’s deleted. if no expiration date, the cookie will last until the session or browser is closed
- date format must be UTC/GMT
- path default is `/`, meaning the cookie is visible to all paths in the given domain
- if you don't set domain, it will default to the page that set the cookie
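
An added example (not part of the original notes): it builds cookie strings in the layout above, then works out which cookies go back on a request and in what order, covering expiry, the path and domain defaults, and the most-specific-path-first rule from the earlier list. The function names, the `setBy` field and the sample jar are assumptions made up for illustration.

```javascript
// Build a cookie string: the pair first, then expiry, path, domain.
function makeCookie(name, value, { expires, path = "/", domain } = {}) {
  const parts = [`${encodeURIComponent(name)}=${encodeURIComponent(value)}`];
  if (expires) parts.push(`expires=${expires.toUTCString()}`); // UTC/GMT format
  parts.push(`path=${path}`);
  if (domain) parts.push(`domain=${domain}`);
  return parts.join("; ");
}

// Parse a cookie string back into { name, value, path, expires?, domain? }.
function parseCookie(str) {
  const [pair, ...attrs] = str.split(";").map((s) => s.trim()).filter(Boolean);
  const eq = pair.indexOf("=");
  const c = { name: pair.slice(0, eq), value: pair.slice(eq + 1), path: "/" };
  for (const attr of attrs) {
    const i = attr.indexOf("=");
    const key = (i < 0 ? attr : attr.slice(0, i)).toLowerCase();
    const val = i < 0 ? "" : attr.slice(i + 1);
    if (key === "expires") c.expires = new Date(val);
    else if (key === "path") c.path = val;
    else if (key === "domain") c.domain = val.replace(/^\./, "").toLowerCase();
  }
  return c;
}

// "/checkout" covers "/checkout" and "/checkout/pay" but not "/checkoutx".
function pathMatches(cookiePath, reqPath) {
  if (!reqPath.startsWith(cookiePath)) return false;
  return cookiePath === reqPath || cookiePath.endsWith("/") || reqPath[cookiePath.length] === "/";
}

// Cookie header value: unexpired cookies in scope (no domain = setting host only), longest path first.
function cookieHeader(jar, host, reqPath, now = new Date()) {
  return jar
    .map(({ setBy, str }) => ({ setBy, ...parseCookie(str) }))
    .filter((c) => !c.expires || c.expires > now) // no expiry: session cookie
    .filter((c) => (c.domain ? host === c.domain || host.endsWith("." + c.domain) : host === c.setBy))
    .filter((c) => pathMatches(c.path, reqPath))
    .sort((a, b) => b.path.length - a.path.length)
    .map((c) => `${c.name}=${c.value}`)
    .join("; ");
}

// Constructed sample jar: every cookie here was set by shop.example.com.
const jar = [
  { setBy: "shop.example.com", str: makeCookie("theme", "dark", { expires: new Date(Date.UTC(2031, 0, 1)), domain: "example.com" }) },
  { setBy: "shop.example.com", str: makeCookie("cart", "42", { path: "/checkout" }) },
  { setBy: "shop.example.com", str: makeCookie("old", "x", { expires: new Date(Date.UTC(2029, 0, 1)) }) },
];
```

Setting `domain=example.com` hands the cookie to every subdomain, while leaving it off keeps it on the host that set it, so the domain attribute is the one to check when a cookie shows up somewhere unexpected.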
##in ajax requests
- in ajax and synchronous requests, the request sends the doc's cookies automatically. so if you wanna send a cookie, set it on the doc, not the req.
###cookie alternatives