0

https://i.stack.imgur.com/4XK7k.png

i used cookie for login,but sometimes it's mismatched. Is cookie available for the same domain with each request?

Seamas
  • 1,041
  • 7
  • 13

2 Answers2

1

Request cookies are cookies that are created on client side. They are sent to server in Cookie HTTP header in every request matching with cookie domain(ie. .com,.org,subdomain.com) and path (ie. /login, /questions) and protocol(HTTP, HTTPS). So stackoverflow will not receive cookies of facebook.
Server may choose to do something when it receives the cookies or may choose to ignore them. This kind of cookies can be used to store shopping cart type data.

Response cookies are the cookies created on server side. These are sent in Set-Cookie HTTP header from the server to client. HTTP clients (like browsers) are expected to read this header and create cookies contained in the value of this header. Every subsequent request to the server will be made with the these cookies (matching domain/path/protocol). Since server already knows about this cookie it can match from it's cookie store and check if this request is coming from the same host thus providing assigning state to the request. This kind of cookies can be used to validate user session.

Response cookies are sent once in first response from the server and client cookies are sent in every request to the server.

See example server response with cookies 

HTTP/1.0 200 OK
Content-type: text/html
Set-Cookie: theme=light
Set-Cookie: sessionToken=abc123; Expires=Wed, 09 Jun 2021 10:18:14 GMT

Subsequent request from client would be something like below

GET /spec.html HTTP/1.1
Host: www.example.org
Cookie: theme=light; sessionToken=abc123
11thdimension
  • 10,333
  • 4
  • 33
  • 71
0

Request Cookie = Cookie You send along with your request.
Response Cookies = Http header name Set-Cookie which basically contains "Request Cookie" value for future requests.

TLJ
  • 4,525
  • 2
  • 31
  • 46