What is the difference between server side cookie and client side cookie?

by

HTTP COOKIES

Cookies are key/value pairs used by websites to store state information on the browser.
Say you have a website (example.com), when the browser requests a webpage the website can send cookies to store information on the browser.

Browser request example:

GET /index.html HTTP/1.1
Host: www.example.com

Example answer from the server:

HTTP/1.1 200 OK
Content-type: text/html
Set-Cookie: foo=10
Set-Cookie: bar=20; Expires=Fri, 30 Sep 2011 11:48:00 GMT
... rest  of the response

Here two cookies foo=10 and bar=20 are stored on the browser. The second one will expire on 30 September.
In each subsequent request the browser will send the cookies back to the server.

GET /spec.html HTTP/1.1
Host: www.example.com
Cookie: foo=10; bar=20
Accept: */*

SESSIONS: Server side cookies

Server side cookies are known as “sessions”. The website in this case stores a single cookie on the browser containing a unique Session Identifier. Status information (foo=10 and bar=20 above) are stored on the server and the Session Identifier is used to match the request with the data stored on the server.

Examples of usage

You can use both sessions and cookies to store: authentication data, user preferences, the content of a chart in an e-commerce website, etc…

Pros and Cons

Below pros and cons of the solutions. These are the first that comes to my mind, there are surely others.

Cookie Pros:

  • scalability: all the data is stored in the browser so each request can go through a load balancer to different webservers and you have all the information needed to fullfill the request;
  • they can be accessed via javascript on the browser;
  • not being on the server they will survive server restarts;
  • RESTful: requests don’t depend on server state

Cookie Cons:

Session Pros:

  • generally easier to use, in PHP there’s probably not much difference.
  • unlimited storage

Session Cons:

  • more difficult to scale
  • on web server restarts you can lose all sessions or not depending on the implementation
  • not RESTful

More Related Contents:

  1. How does cookie “Secure” flag work?
  2. Is a URL with // in the path-section valid?
  3. Share cookie between subdomain and domain
  4. How do browser cookie domains work?
  5. How to detect server-side whether cookies are disabled
  6. Why is it common to put CSRF prevention tokens in cookies?
  7. How to handle multiple cookies with the same name?
  8. Correct way to delete cookies server-side
  9. Cookie handling in Google Apps Script – How to send cookies in header?
  10. Why can’t I set a cookie and redirect?
  11. How are cookies passed in the HTTP protocol?
  12. How do I create a persistent vs a non-persistent cookie?
  13. Save cookies between two curl requests
  14. Domain set cookie for subdomain
  15. Share cookies between subdomain and domain
  16. Share a cookie between two websites
  17. Reading cookies via HTTPS that were set using HTTP
  18. Sending browser cookies during a 302 redirect
  19. Should cookie values be URL encoded?
  20. Is it possible to set more than one cookie with a single Set-Cookie?
  21. What is the difference between a URI, a URL and a URN?
  22. How to display the Authentication Challenge in UIWebView?
  23. How to catch exception correctly from http.request()?
  24. server socket receives 2 http requests when I send from chrome and receives one when I send from firefox
  25. What is the difference between Sessions and Cookies in PHP?
  26. How to delete cookies on an ASP.NET website
  27. Cross Origin Resource Sharing with Credentials
  28. Angular2 / Error: Collection not found
  29. Add subdomain to localhost URL
  30. How do I make an HTTP request from Rust?

Leave a Comment