Cisco Cisco Web Security Appliance S670 Information Guide

Contributed by Stephan Fiebrandt, Cisco TAC Engineers.
Jul 15, 2014

This document describes what HTTP cookies are and what the difference is between session cookies and
persistent cookies.

Cookies are strings of data that a web server sends to the browser. When a browser requests an object from
the same domain in the future, the browser will send the same string of date back to the origin server.

The data is sent from the web server in the form of an HTTP header called "Set−Cookie". The browser sends
the cookie back to te server in an HTTP header called "Cookie".

The following is an example of what an HTTP cookie transaction may look like:

HTTP response from web server:

[...]

Set−Cookie: first.lastname

HTTP GET from the client:

[...]

Cookie: first.lastname

In the above sample transaction, the web server told the client to create the cookie "first.lastname". The next
time the client requests an object from this domain it sends the cookie wihin the request. This illustrates how a
web server may be able to recall certain information such as user logins.

If a cookie does not contain an expiration date, it is considered a session cookie. Session cookies are stored in
memory and never written to disk. When the browers closes the cookie is permanently lost from this point on.