Cookie-Based Authentication

erikzhao
3 min read · Sep 8, 2020

You log into one of your social media accounts like Twitter on your computer by entering your credentials. After typing in the right username and password, you successfully enter your account and now you are free to do whatever you please such as sending messages or exploring your news feed.

But let’s say you accidentally close the tab and you want to resume browsing through your feed. You enter twitter.com in your browser and conveniently, you are not presented the login page. Instead you are taken to the home page of your Twitter account. How does this happen?

A cookie is a small piece of data that a website asks the browser to store on the user's computer while the user is browsing that site. Cookies serve many purposes, including tracking user activity, counting visitors, and remembering login state.

In the past, company servers were running out of storage because they had to keep track of every user's data while that user browsed the site. Enter Lou Montulli, a programmer who changed the game by having the user's browser hold that data instead, in the form of a cookie.

Let's take a peek at what is going on behind the curtain. When a user submits their login credentials, the site sends them to the server, because only the server can confirm that the information is correct. If the credentials match, the server responds with the home page, creates a session record in its database, and hands the user's browser the session ID as a cookie.

In Google Chrome, you can see your cookies by opening Developer Tools and inspecting your network traffic under the Network tab. After logging into your Twitter account, you will notice that your browser has received a session ID in the form of a cookie, sent to it by the server.

The browser only sends the cookie back to the website that set it, so other websites cannot read its contents. Additionally, the session ID itself should be hard to guess, which is why the server generates it randomly.

Once the server grants access and gives the browser a session ID in a cookie, that cookie is stored on your computer. This way, every time you, the user, visit the website again, there is no need to enter your account information: you already have the session cookie. As long as the session is still valid, the website will not ask for your username and password. How long the session stays valid depends on how often you interact with the server; each interaction extends its lifetime.

However, if you log out of your account before closing the tab or browser, you will have to enter your credentials again. This is because logging out tells the server to delete the session and instructs the browser to delete the cookie containing the session ID.
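The login, session lookup and logout steps described above can be modelled in a few dozen lines of server-side code. The following is an added example written for this post, not code from the original article or from any real site. The user table, the session store and the password are constructed for the example; the cookie attributes (HttpOnly, Secure, SameSite) are the standard ones a browser understands, and the 30-minute sliding lifetime is an assumed policy.

```python
import hashlib
import secrets
import time
from http.cookies import SimpleCookie

# Constructed user table: username -> (salt, PBKDF2 hash). Passwords are never stored in the clear.
def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

_ALICE_SALT = b"constructed-salt"
USERS = {"alice": (_ALICE_SALT, _hash_password("correct horse battery staple", _ALICE_SALT))}

# Server-side session store: session_id -> {"user": ..., "expires": ...}.
# Only the opaque ID travels in the cookie; the user's identity stays on the server.
SESSIONS = {}
SESSION_TTL = 30 * 60  # seconds; assumed policy: each authenticated request extends the deadline


def login(username, password, now=None):
    """Verify credentials. On success create a session and return (session_id, Set-Cookie header)."""
    now = time.time() if now is None else now
    record = USERS.get(username)
    if record is None:
        return None
    salt, stored_hash = record
    if not secrets.compare_digest(_hash_password(password, salt), stored_hash):
        return None
    # 32 random bytes (256 bits) so the ID cannot be guessed or enumerated.
    session_id = secrets.token_urlsafe(32)
    SESSIONS[session_id] = {"user": username, "expires": now + SESSION_TTL}
    cookie = SimpleCookie()
    cookie["session_id"] = session_id
    cookie["session_id"]["httponly"] = True   # not readable by page scripts
    cookie["session_id"]["secure"] = True     # only sent over HTTPS
    cookie["session_id"]["samesite"] = "Lax"  # not attached to most cross-site requests
    cookie["session_id"]["path"] = "/"
    return session_id, cookie.output(header="Set-Cookie:")


def current_user(cookie_header, now=None):
    """Resolve the Cookie request header to a username, or None if there is no valid session.

    A valid lookup pushes the expiry forward, which is the 'stay active to stay logged in' behaviour."""
    now = time.time() if now is None else now
    cookie = SimpleCookie()
    cookie.load(cookie_header or "")
    morsel = cookie.get("session_id")
    if morsel is None:
        return None
    session = SESSIONS.get(morsel.value)
    if session is None:
        return None
    if session["expires"] <= now:
        del SESSIONS[morsel.value]  # stale session: drop it and force a fresh login
        return None
    session["expires"] = now + SESSION_TTL
    return session["user"]


def logout(cookie_header):
    """Delete the session on the server and return a Set-Cookie header that makes the browser drop it."""
    cookie = SimpleCookie()
    cookie.load(cookie_header or "")
    morsel = cookie.get("session_id")
    if morsel is not None:
        SESSIONS.pop(morsel.value, None)
    expired = SimpleCookie()
    expired["session_id"] = ""
    expired["session_id"]["max-age"] = 0  # Max-Age=0 tells the browser to discard the cookie now
    expired["session_id"]["path"] = "/"
    return expired.output(header="Set-Cookie:")


if __name__ == "__main__":
    sid, set_cookie = login("alice", "correct horse battery staple")
    print(set_cookie)
    print("logged in as:", current_user("session_id=" + sid))
    print(logout("session_id=" + sid))
    print("after logout:", current_user("session_id=" + sid))
```

Note that deleting the server-side record in `logout` is what actually ends the session; the Max-Age=0 header is a courtesy to the browser, and a copy of the cookie kept elsewhere would still be rejected by `current_user` because the ID no longer exists in `SESSIONS`.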

Another way to think about cookies and sessions is a gym membership card. If you have a gym membership, you have a card that carries your information, such as your name and ID number. At the entrance, you scan your card and the gym checks whether the card is valid and your membership has not expired. This is comparable to logging in with your username and password so the site can check that the credentials are correct.

After confirmation, you have access to the gym and complete your workout by going from one machine to another without showing your card each time you change machines. Similarly, even if you close your tab or browser, you still have access to your account as long as you remain reasonably active on the site.

Finally, you finish your entire workout and leave the gym. This is similar to logging out of your account. The next time you start a new session, you would have to present your ID again.

It is important to note that not all websites with accounts behave this way. Bank websites, for instance, place a higher priority on security, so the user has to enter their credentials more often than on other types of websites.
