11 February 2017

Persistent and non persistent cookies

Http cookies can be classified into two groups based on how long they are stored in the browser. Cookie’s Expiry date time value determines how long cookies are stored in browser.

If you don't know what are http cookies, read my another blog post tutorial on what are http cookies

1. Persistent Cookies

Persistent cookies will have Expiry Date time set from the web server. When Http web server sends the response it will set the cookie expiry time. Cookie expiry time could be relatively shorter like 20 minutes, or long as 1 year . The cookie expiry date time generally depends on how secure the cookie value needs to be.

If a particular cookie stores your session ID value, it will be set to shorter expiry time. Say 20 minutes.

On the other hand the cookie storing the user preferences can have longer expiry time. Such cookies storing preference value can have expiry time ranging from 30 days to an year.

When persistent cookie will be removed from browser?

The cookies will be removed in client repository by browser depending upon its expiry time. Post expiry time, the cookies will be removed. Hence such expired cookies will not be sent to sever with next request made to server.

2. Non persistent Cookies / Session cookies

Non persistent cookies also called session cookies will not have Expiry time set on them. The non persistent cookies are generally sued to store secured values like session ID, etc.

When non persistent cookie will be removed from browser?

Non persistent cookies will be removed from browser when the browsing window is CLOSED. The banking sites usually create non persistent cookie to store the session ID established. If you CLOSE the BROWSER window and try to access the same URL again, the site will ask you login again.

No comments:

Post a Comment