Home/ Questions/Q 4041428
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-20T12:52:45+00:00

I have a doubt, I will appreciate if you can clear it . COOKIES

  • 0

I have a doubt, I will appreciate if you can clear it .

COOKIES

What are cookies? When described as entities, which is how cookies are often referenced
in conversation, you can be easily misled. Cookies are actually just an extension of the
HTTP protocol. Specifically, there are two additional HTTP headers: Set-Cookie and
Cookie.The operation of these cookies is best described by the following series of
events:

  1. Client sends an HTTP request to server.

  2. Server sends an HTTP response with Set-Cookie: foo=bar to client.

  3. Client sends an HTTP request with Cookie: foo=bar to server.

  4. Server sends an HTTP response to client.

Thus, the typical scenario involves two complete HTTP transactions. In step 2, the server
is asking the client to return a particular cookie in future requests. In step 3, if the
user’s preferences are set to allow cookies, and if the cookie is valid for this particular
request, the browser requests the resource again but includes the cookie.

Now my question is…….

why you cannot determine whether a user’s preferences are set to allow cookies during the first request????

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    The other answer is already correct, steps 3 & 4 will not occur without something to “trigger” them. When detecting whether the user has cookies enabled or not, that’s usually done with a HTTP redirect, or possibly with some Javascript (if you also want to detect that they have Javascript enabled, for example).

    The first request is to ask the client to set the cookie, the second request is to check that the client actually did what you asked it to do.

    The reason you can’t detect whether cookies are enabled without a second request is because many clients will, when they see the “Set-Cookie” header, prompt the user to see whether they want to accept it or not. So it would be impossible for the client to include a special “I accept cookies” or “I do not accept” header in the initial request, because it simply doesn’t know the answer until you actually present it with a cookie.

    There are many parallels with this kind of process:

    1. To check whether you have access to a file on the file system, you need to attempt to open the file.
    2. To check whether the user has Javascript turned on, you have to actually attempt to run some Javascript.
    3. To determine the compressed size of a file, you have to actually compress it.

    And so on. So to check whether the user allows cookies, you have to actually try to set one.

    • 0