B.3. Cookies

One additional technique for HTTP interaction is the client-side cookies. These are name/value pairs stored on the client and meant to persist between HTTP requests. The server can push cookies down to the client and then check their values on a later request. Cookies are typically used to maintain session information.

A server application will set a cookie using the set-cookie header. An example use might be:

set-cookie: username=jsmith; expires=Tuesday, 
04-Jun-2002 00:00:00 GMT; path=/MembersOnly; domain=www.voicexml.org

This causes the client to store a cookie named username with a value jsmith. Each time a cookie-compliant HTTP client makes an HTTP request, it will check the URL to see if it begins with http://www.voicexml.org/MembersOnly. If it does, the client will append the following set-cookie header to the HTTP request:

set-cookie: username=jsmith; path=/MembersOnly

This cookie will only be readable by servers serving the www.voicexml.org domain. This access restriction is enforced by the client and is intended to prevent one website from spying on a user's activities at other websites. The client typically doesn't care much about the contents of the cookies, nor does it attempt to manipulate them. Cookies are almost exclusively used by server applications.