23.2. Cookies
At some point, we’ve all received an alert in our browser that says something like, This website uses cookies. We hear about cookies all the time, but many users don’t think about them too deeply. They either choose Accept or Decline when they see the alert, and then they move on to the next task.
To help us make our Flask applications more efficient, we’ll start by taking a closer look at cookies.
23.2.1. Cookie Ingredients
A cookie is just a text file that stores data. Browsers use cookies to help users navigate a specific website. For example, a cookie can store a user’s zip code, which helps a shopping app find the closest store.
By design, cookies are very small (< 4 kB). Each one consists of a single key/value pair, like zip_code = 63108. As we surf the web, the browser stores cookies on our device, usually in the same directory as our browser.
Since the file size is so small, a single website often stores many cookies on our machine.
Note
A deep dive into cookie syntax is beyond the scope of this text. However, if you are curious, here are some good resources to get you started:
HTTP Cookies on the MDN website.
Cookie data is temporary. However, it usually persists longer than the values we assign to Python variables. Cookies often survive after we refresh a page or exit out of our browser.
Tip
We can use the browser preferences to control how long cookies remain saved on our device. We can also remove cookies at any time.
For example, in Firefox we can check our cookie settings by selecting the Privacy & Security option under Preferences. Other browsers provide similar features.
23.2.2. How Cookies Work
One thing we need to remember about cookies is that they are NOT programs. They just store a small amount of data that web servers can use when we visit a site. Here’s a summary of how the cookie process works:
The first time we navigate to a webpage, our browser sends an HTTP request (GET or POST) to the server.
The server sends back an HTTP response, which contains data to display on the page. The response also includes a command to create one or more cookies.
The browser creates the cookie files and stores them on our machine.
When our browser communicates with the server again, it includes all of the saved cookies with the new HTTP request. The server uses the information to help it process the request.
Cookies set by a specific server can only be sent back to that server. For example, a cookie set by Trinket won’t be sent to the GitHub server.
When the server responds to the new request, it can update the existing cookies or create new ones.
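The exchange above can be traced in code. This added example (not part of the original text) uses Python's standard library to play both roles in memory: server_handle stands in for the server and a CookieJar for the browser. The hostnames shop.example and other.example, the visits cookie, and the function names are assumptions made up for the illustration.

```python
from email.message import Message
from http.cookiejar import CookieJar
from http.cookies import SimpleCookie
from urllib.request import Request


class FakeResponse:
    """Stand-in for an HTTP response; CookieJar only calls info()."""
    def __init__(self, headers):
        self._headers = headers

    def info(self):
        return self._headers


def server_handle(cookie_header):
    """Server: read the Cookie request header, return Set-Cookie values."""
    received = SimpleCookie(cookie_header or "")
    try:
        visits = int(received["visits"].value) + 1
    except (KeyError, ValueError):  # missing or edited by the user: restart
        visits = 1
    reply = SimpleCookie()
    reply["visits"] = str(visits)
    reply["visits"]["path"] = "/"
    reply["visits"]["httponly"] = True   # keep page scripts from reading it
    reply["visits"]["samesite"] = "Lax"  # limit sending on cross-site requests
    return [morsel.OutputString() for morsel in reply.values()]


def browser_visit(jar, url):
    """Browser: attach saved cookies, send, store what the server sets."""
    request = Request(url)
    jar.add_cookie_header(request)       # saved cookies go out with the request
    sent = request.get_header("Cookie")  # None when no saved cookie matches
    headers = Message()
    for value in server_handle(sent):    # the response asks to set cookies
        headers["Set-Cookie"] = value
    jar.extract_cookies(FakeResponse(headers), request)  # browser saves them
    return sent


def demo():
    jar = CookieJar()  # the browser's cookie store
    first = browser_visit(jar, "http://shop.example/")       # constructed host
    second = browser_visit(jar, "http://shop.example/cart")
    other = Request("http://other.example/")  # a different server
    jar.add_cookie_header(other)
    return first, second, other.get_header("Cookie"), {c.name: c.value for c in jar}
```

Calling demo() shows that the first request carries no cookie, the second carries visits=1, and the request prepared for other.example carries none. Because the cookie lives on the user's device, the server checks the value before using it.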
Cookies serve several purposes:
To keep us logged into a site.
To store helpful data for the server during our visit. For example:
Our current score in a game we’re playing. If we need to close the tab when our teacher/parent/boss walks by, cookies save our progress until we return.
The contents of a shopping cart. When we select Checkout to complete an online order, cookies identify the items we want to buy.
To track and analyze our behavior.
Have you received targeted ads while searching the web? Cookie data influences what you see!
Watch this short video clip that describes how cookies are used to track your movement on the web.
23.2.3. Check Your Understanding
Question
A cookie is a small program that runs in the browser.
- True
- False
Question
Where is a cookie file saved?
- On a web server
- In an open browser application
- On the user's device
- In the cloud