Cookie is a small piece of data stored in the browser for a website. And by small, I mean less than four kilobytes. And in practice, we're only talking about 100 bytes, just a small you know, really just a string. It takes the format conceptually is something like this, name equals value. And in practice it may look something like this, user.id equals 12345. Cookies are really commonly used for things like user IDs and, and you know, kind of temporary information that, that a browser wants to store, you know, whether you're logged into a website. You know, generally, you, you have a cookie that represents the, the fact that you're logged in as user, you know, 12345. So to kind of draw you a little picture of how these things fit together, you know, we might have your browser, and it makes requests, you know, to some web servers. And a web server might send back, in it's response, some cookie data, and this is in the form of an HTTP header. And then your browser basically just stores this cookie, it's associated with this website. We'll talk more about that shortly. And then every time your browser makes a request to this website in the future, now that it has this cookie, it will, it will send the cookie back to the server. So, you know, if you are logging in, you might, you might post some form here and the server might respond with okay, welcome to our website you are user 12345. And then on every future request, you say, hey, I'm user 12345. And that's how the website knows that you're logged in. And a cookie, you know, is, is just basically a file that your browser stores. Generally, you can store about, about 20 cookies per website. Now, this is basically up to the browser. It's some sort of, it, it, it's a browser limitation. Another limitation is probably the length of the cookie, which we said is less than four k, but in reality [LAUGH], you know, this is this is five bytes. And we're probably, you know, most of the cookies we're storing are not, you know, thousands of bytes. Another limitation is a cookie has to be associated with a particular domain. So, you know, a cook, a cookie for udacity.com is only sent to you to udacity.com and, and udacity.com can only set cookies for udacity.com. So, it's, each website has you know, a few cookies that it can store that are private for that website. A lot of this depends on the browser to behave properly. So, you know, this 20 cookies per website that's an old Internet Explorer limitation. Honestly I don't know what the limit is for modern browsers. But if you're storing more than 20 cookies on, on a particular domain, you'll probably rethink things a little bit. You know, maybe store more data in, you know, in a, a single cookie. The four kilobytes, again, there, there's so many things that can go wrong when you start sending big cookies that are, you know, 4000 bytes long. You know, you can set, some, some browsers don't handle multi-line cookies properly. Some web servers don't handle multi, multi-line cookies properly, so I would suggest keeping it short and simple. And, and most of our use cases are for storing small pieces of data that you don't want to store in a database. It's easier to just store them in a cookie. Or, you know, small pieces of, you know, temporary data that is, that is only relevant to this particular user in this particular browser right now. Now this, this constraint, you know, a cookie being associated with pick your website is, is important. It prevents you know, me from, you know, the, the cookie is, is, is what makes me be logged in at a lot of websites, so. If another website could forge this cookie or read this cookie, you know, they could pretend to be me on another website. You know, they could steal my log in information. So cookies, the, the domain that cookie belongs to is, is really important. But it's up to the browser to enforce those rules. And sometimes browsers have bugs you know, none of the modern ones do. I can't remember the last time that happened. But you know, it's just something to be aware of. These are, this is all kind of browser side, you know, client side, enforced
