Definition – Web Cookies are usually a piece of data that allows the website owners to collect specific information about the users while they interact with the website . In other words , as users begin to interact or use the website , there is an exchange of certain data points as requested by server from user.
Are Cookies Stored in Browser or Local Computer ?
Cookies are actually stored on your computer by a website you visit. For instance in Microsoft Edge, all cookies are stored in a single file, located in below path.
C:\Users\xyz\AppData\Local\Microsoft\Edge\User Data\Default\Network
Do Cookies stores sensitive credentials in for easy logins?
No Cookies are not meant to store sensitive user credentials (passwords/username). They should ideally be more focused in serving the purpose of tracking users actions to help users in a smooth browsing experience .
PS: As a web developer , never make it an option to store credentials in cookies for they are merely a plain text and vulnerable to third party modifications .
How do we then as a developers build systems to remember the user’s credentials for easy logins?
Adopt the route of session IDs.
So when a user logs in into the system a session gets created with a unique session ID. The session ID remains active for users session until it gets expired .Session ID remain attached to the user’s account in database.
So during the active phase of session ID , if a user logs in or remain at website; server identifies the user and make sure that user remains logged in. Equally when the session expires user has to re login.
We can say that you created cookie-less login system in which cookies do not store the passwords directly.
It is this reason that when we delete the cookies (session gets vanished) our browsers do not remember the credentials & users have to log in again.
How OpenEdge (Progress ABL) helps you to create and send cookies to your users ?
OpenEdge takes care of Cookies in two ways –
1- It first sets up the cookie –
OpenEdge allows use of set-cookie function to set up your cookie so that the cookie can be sent to the user as a response to login request.
Set-cookie : –
Syntax-
set-cookie(“CookieName”,”CookieValue”,?,?,?,?,?).
Cookies can have seven parameters that can be passed to them
Parameter 1st – would store the cookies name
Parameter 2nd – would store the cookie value
Parameter 3rd – Expiration Date for Cookie
Parameter4th – Expiration Time for Cookie
Parameter5 – URL path to which you want to apply cookie
Parameter6th – Optional Domain to which you want to apply cookie
Parameter7th – Secure can be a value that would allow browsers to send cookies only on Secure connection (using HTTPS).
Lets pick our old example from – OpenEdge- Create A Simple WebApp using WebSpeed . You can browse the article from homepage . 🙂
We will modify our controller.w a bit . Added a small single line – set-cookie below (in BOLD).
PROCEDURE SearchEmployee:
DEFINE VARIABLE myJsonObj AS JsonObject NO-UNDO.
DEFINE VARIABLE myParser AS ObjectModelParser NO-UNDO.
DEFINE VARIABLE myLongchar AS LONGCHAR NO-UNDO.
DEFINE VARIABLE myEmployee AS Employee NO-UNDO.
DEFINE VARIABLE chrcityname AS CHARACTER NO-UNDO.
DEFINE VARIABLE myEmpJsonobj AS JsonObject NO-UNDO.
myParser = NEW ObjectModelParser( ). // FOR parsing INPUT JSON
myJsonObj = NEW JsonObject( ). // FOR STORING INPUT json
myJsonObj = CAST((myParser:Parse(STRING(WEB-CONTEXT:FORM-INPUT))), Progress.Json.ObjectModel.JsonObject).
/*setting the cookie - Start*/
set-cookie("LastSearchedCity",STRING(myJsonObj:GetJsonText("City")),?,?,?,?,?).
/*setting the cookie - End*/
chrcityname = get-cookie("Last Searched City").
message 'city name : -' chrcityname.
myEmployee = NEW Employee().
myEmployee:SearchEmployee(INPUT myJsonObj,
OUTPUT myEmpJsonobj).
myEmpJsonobj:WriteFile("C:\OpenEdge\WRK\tomcat_wrkdir\test\server\myEmpJsonobj.json", TRUE).
output-content-type ("application/json":U).
myEmpJsonobj:WriteStream('WebStream').
END PROCEDURE.Controller.p
We are setting the cookie with a purpose to capture the user’s pattern of searching the city . As a reason we would set up the cookie that can track the last searched city . We are here setting up the cookie . Cookie Name “LastSearchedCity” .
Lets see how it works –
Expected – Cookie must be set up and must be visible in response header (recall – server would set up the cookie first ). Server would send the cookie as a response .
2) Server would get the Cookie using get-cookie from browser.
Browser should send the cookie value with each subsequent user request .
OpenEdge allows use of get-cookie function to get the cookie value (sent to browser during initial request .) on subsequent requests .
How does get-cookie works .
get-cookie allow server to get the values of cookies. It just takes the name of the cookie as a parameter and allow server to fetch the value .
Added below code bit to above program to fetch the cookie value at server.
Lets see how HTTP headers are demonstrating the cookies journey.
Browser must send the cookie value as a request to server .
Above as we can see the request header has the cookie value which would be fetched at the server using get-cookie . The cookie value can then be used by server for its intended purpose .
Also , response cookie value changed to Houston because the user in her second request searched for Houston.
Server logs to quickly validate if the get-cookie actually works and give us the value of cookie (Last Searched City) ?
Are all Cookies Good or Bad ?
The answer to above question depends upon the trust factor that you have for the website you are visiting .
Cookies can be good if they allow users for a smooth experience on their website – such as taking care of user’s buying preference on an ecommerce sites so that users can smoothly and quickly browse his/her preferred catalogue .
Cookies can be extremely dangerous if they are meant to breach your privacy . Third Party Cookies are never meant to be a pleasant experience to accept .
Ex – You liked a page you visited on a website that allows tracking of your action ‘click of the like button ‘ and then later accessed by a third party such as any social media (Facebook) which can then use the cookie data (your like on a button ) to track your preferences and worst, pops you up with unnecessary marketing campaigns.
The Real threat – Third Party Cookies :
Third Party Cookies are often send to you by an online marketing agency (may be Facebook ) for tracking your browsing patterns and then bombard you with products and services while you remain online on Internet (even when you leave the original site you visited. This is how ads follow you around the internet).
Did internet (web) failed fundamentally to protect user’s privacy ?
As we just discussed that Cookies are essentially the data about users but what happens to the data afterwards and how they are used by websites is highly debatable . How many time have we read completely the cookies policy of a website before you decide to just click on annoying “Accept Cookies ” button ? The sad part is we rarely do so !!!
Its Safe than being SORRY –
Companies are now making sure that users should accept cookies before they can use it further. They are protecting themselves on the legal side of things to avoid being sorry at later stage . Who compels them to do so ? Europe – Enacted Law – General Data Protection Regulation (GDPR), In United States – Consumer Online Privacy Rights Act (COPRA).
Conclusion –
Ideally user should know in detail as what data they are actually sharing with the companies and how their data are being used , but it may be a long road ahead where transparency about consumer’s data usage comes to effect . Until then be safe 🙂
Hope you enjoyed reading the post . Feel free to browse other posts as well and if you like it share with your community .
Do you believe that you can add something on top of this post ? it is always good to learn more via community . So Keep sharing .
Also , Be Grateful to Life . !!!
Thankyou All….
