Cookies? Seriously?

I feel almost ashamed to be speaking about cookies in a modern web development book in 2015, but they are the oldest, and most stable, form of client-side storage available to developers today. They are certainly not the best method, and I’d almost never recommend using them, but they are an option and you may be forced to use (or modify) code that makes use of them at some point in the future.

Cookies were introduced in 1994 in a beta version of Netscape. They worked by using header values sent along with HTTP requests and responses. As you may know, whenever your browser requests a resource, a set of headers will be sent along with the request. Those headers include various types of data, including information about the browser and what form of data it wants. On the flip side, the server will also send headers back. Basically, every time you see a web page rendered in your browser, there was a set of headers that were also sent that you don’t see. (You certainly can see them using browser tools. They aren’t hidden as in “impossible to see,” just hidden from view by default.)

Cookies are sent using HTTP headers, specifically the “Cookie” HTTP header, and are sent by the browser to the server and sent to the browser from the server. Right away you should see a problem with that. If one of the benefits of using client-side storage is that we don’t have to send data over the wire, doesn’t sending cookies back and forth negate ...