0

I found that the cookie in browser is a random string which web server sends to each client for remembering users' information purpose. But I don't understand in programmers viewpoint, what does cookie use for? For example, I've used EditThisCookie extension in Chrome Browser to read wikipedia.org site's cookie, in the following picture included here. The value of this cookie (sessionId) is useless for programmers (EDIT: I mean I don't extract any information from this cookie, I know the cookie is very important for web developers, so sorry about my poor expression). If I get this cookie, which kind of information I can understand about the users? Looking for some help! Thank you very much!

The example about cookie

http://i102.photobucket.com/albums/m86/dienkun1/cookie_example_zps455f0dad.png

EDIT: Sorry, I've just expressed my problem in wrong way. Actually, I am going to write an extension for collecting users' preferences via users' cookie, but I can't understand anything what information can be extracted from cookie. I've read about cookie in many documents, like wikipedia, and all of them just show how to get cookie, the definition of cookie, classified... and nothing about which information we can get from cookie. Thank you very much!

Improve this question

2 Answers 2

Reset to default
1

Why do you say that the sessionId is useless for programmers? It actually can be extremely useful. Somewhere on Wikipedia's servers, they're probably storing quite a bit of information about your session. This could include things like whether you've already hidden one of their fundraising banners (so that it won't keep showing it to you again and again), to things that are required for basic functionality, such as what user you are currently logged in as.

However, Wikipedia is storing this same information for millions of sessions. It needs a way to tie the information back to each individual browser. That sessionId is how it does so. It set the sessionId in a cookie when you first accessed the page, and that cookie gets sent back to the server with every request you make to it now. Then they have code on the back end that reads that sessionId from the cookie and uses it to look up all of the information specific to your session, and do whatever needs to be done with it.

You could of course store the session information itself in the cookies, but there are a couple problems with that. First, there are limits on the size of each cookie, and on the overall size of all cookies for a single domain. Some of the data you want to store might not even fit. But the bigger problem is that cookies can be very easily manipulated by the end user. If you stored the information of who the user is logged in as in a cookie, the user could just change that value to something else, and suddenly be logged in as someone else! Of course, it's also possible that the user could change their sessionId to be some other user's session and suddenly be logged in as them. That's why session IDs need to be as random as possible, and should be long enough that guessing someone else's is basically impossible.

Improve this answer
2
  • Thank you for your help, Elezar! I have another question for you, if I can't extract information from session cookie value (a random string), is there another way to know the users' preferences through cookie, such as which football team the user likes the most (I think we can count how many times the user reads the news about - for example: Chelsea, but as I see, I can get only the domain of the cookie). Thank you very much for your help!
    – dienkun
    Commented Apr 28, 2014 at 17:26
  • Well, everything that's available via a cookie has to be put into that cookie by you (Or at least by a web server that you control) in the first place. So you couldn't just deduce their favorite team based on a cookie, but you could ask the user what their favorite team is, and then store their answer in a cookie. Then as long as that cookie exists on their machine, you would know what they had selected. Outside of session cookies, this is actually the most common use of cookies.
    – Elezar
    Commented Apr 29, 2014 at 6:00
0

Well, why would someone bother writing a sessionId to a cookie if it's useless?

Cookies are extremely useful when it comes to (e.g) identifying users on your site so you can have them logged in right away, count their visits, track them on your site and even beyond.. only to name a few use cases.

To cite a somewhat popular site (wikipedia.org):

Cookies were designed to be a reliable mechanism for websites to remember stateful information (such as items in a shopping cart) or to record the user's browsing activity (including clicking particular buttons, logging in, or recording which pages were visited by the user as far back as months or years ago).

The most important word here is "stateful".

Improve this answer
6
  • Firstly, I apreciated for your help, John. Actually, I know this purpose of the cookie. But, I mean if I have a cookie, which information I can extract from this? I saw that the value of the cookie (for example, in the picture I included in the question) is a random string, so that I can't extract anything from this.
    – dienkun
    Commented Apr 28, 2014 at 16:45
  • This depends on the cookie.. in this case there's not much you can get from it since the logic behind it (how it's generated and how the data is used) is not available. In case you mean how could one benefit from having a random string in a cookie: I'm sure they also have it stored somewhere and once you visit their site again they'll know it's you..
    – VF_
    Commented Apr 28, 2014 at 16:48
  • Thank you very much! I think in my case, I have to get information from the other kind of cookie. The session cookie is not used in my case.
    – dienkun
    Commented Apr 28, 2014 at 17:12
  • Can I ask you one more question? Is there any ways to know the users' prefrences through cookie? For example, can I know which football team the user likes the most, just use cookie? Thank you very much!
    – dienkun
    Commented Apr 28, 2014 at 17:32
  • Well just as Elezar wrote, see a cookie as some sort of a small database where you have keys (e.g. sessionId) and values (e.g. a random string). Now a webserver might be able to figure out what your favorite team is by counting how often you visit articles about a particular team.. Most of the time this information won't be stored in the cookie itself but rather in a database or something and can be used for targeted advertising (see en.wikipedia.org/wiki/Google_Analytics#Technology), for example.. Google probably knows what your favorite team is ;)
    – VF_
    Commented Apr 29, 2014 at 8:19

Not the answer you're looking for? Browse other questions tagged or ask your own question.