HTTP, per se, is a stateless protocol, meaning that it retains no session state between transactions. Cookies, as specified by the HTTP 1.1 standard, let web clients and servers cooperate to build a stateful session from a sequence of HTTP transactions.
Each time a server sends a response to a client’s request, the server may initiate or continue a session by sending one or more Set-Cookie headers, whose contents are small data items called cookies. When a client sends another request to the server, the client may continue a session by sending Cookie headers with cookies previously received from that server or other servers in the same domain. Each cookie is a pair of strings, the name and value of the cookie, plus optional attributes. Attribute max-age is the maximum number of seconds the cookie should be kept. The client should discard saved cookies after their maximum age. If max-age is missing, then the client should discard the cookie when the user’s interactive session ends.
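The client-side lifetime rules described above, as an added example that is not part of the original page. MiniJar, the sample header values and the explicit now timestamps are constructed for illustration; parsing uses Python's standard http.cookies module, and treating a max-age of zero or less as an immediate discard follows RFC 6265 rather than the text above.

```python
from http.cookies import SimpleCookie


class MiniJar:
    """Minimal client-side cookie store that honors max-age (illustrative only)."""

    def __init__(self):
        # name -> (value, expiry timestamp, or None for a session cookie)
        self._cookies = {}

    def store(self, set_cookie_value, now):
        """Record the cookie carried by one Set-Cookie header value."""
        parsed = SimpleCookie()
        parsed.load(set_cookie_value)
        for name, morsel in parsed.items():
            raw = morsel["max-age"]  # "" when the attribute is absent
            try:
                seconds = int(raw) if raw else None
            except ValueError:
                seconds = None  # unparsable max-age: treat as absent
            if seconds is None:
                expires = None  # keep only until the interactive session ends
            elif seconds <= 0:
                self._cookies.pop(name, None)  # RFC 6265: discard immediately
                continue
            else:
                expires = now + seconds
            self._cookies[name] = (morsel.value, expires)

    def cookie_header(self, now):
        """Return the Cookie header value for the next request, purging expired cookies."""
        self._cookies = {
            n: (v, e) for n, (v, e) in self._cookies.items()
            if e is None or now < e
        }
        return "; ".join(f"{n}={v}" for n, (v, _) in self._cookies.items())

    def end_session(self):
        """Drop every cookie that was stored without max-age."""
        self._cookies = {
            n: (v, e) for n, (v, e) in self._cookies.items() if e is not None
        }


if __name__ == "__main__":
    jar = MiniJar()
    jar.store("sid=abc123; Max-Age=60; Path=/", now=1000)  # constructed header
    jar.store("theme=dark", now=1000)                      # no max-age
    print(jar.cookie_header(now=1030))
    print(jar.cookie_header(now=1060))
```

A session identifier sent without max-age disappears when the session ends, while one sent with a long max-age remains usable from the client's stored copy for that whole period.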
Encryption, encoding, decoding, decryption, and verification may all be ...