In the past tutorials in this course, we have completed everything visible in the Response Section of the postman. From Response Body to Response Size, we have covered everything available except one thing i.e. cookies. Before coming to the Postman part of cookies and how Postman helps developers and testers analyzing cookies, we have to understand the dynamics of cookies or in simple words What is a Cookie?. Taking this into picture, in this tutorial we will be focusing on
- What is a Cookie?
- Why to use Cookie?
- Advancement of Cookies
- Security threats related to Cookies
What is a Cookie?
Cookie in simpler terms means just the textual information saved by some website. When you visit a particular website, some information is saved in your local system so that when you visit the same website again, this website is able to recognize you and show you the results according to your preferences. Cookies have been long used in the internet history and have developed in a magnificent way.
When you visit a website you actually requests the web page from the server. For a server, every request is a unique request. So if you visit hundred times, the server will consider each and every request unique. Since the intensity of requests that arrive at a server is high, it is obvious and logical not to store every user’s information to the server. Maybe you never visit again and the same information will be redundant. So, to uniquely remember you, the server sends the cookies along with the response which is saved in your local machine. Now the next time you hit the same server, you will get a response according to you as the server will recognize you.
This cookie is unique to every server (some exceptions exist today because of advertisements). So you might have many cookies in your system but a server will recognize its own cookie and can analyse it for you. How this evolved over time and used today is discussed in the next section.
Cookies developed in the initial days because developers needed some information about the client to make their experience better. Let say you visit a website which is not in your local language (let’s say English). You choose the English option in the language section of the website. Now if you visit the same website 5 times a day, you might have to change the language 5 times. Therefore, this information is saved as a cookie in your system. So the next time you send the request, the server will know that you want to see the website in English. This is where cookies play a vital role. This is extended to a greater level today. Cookies are also used to store your cart’s information while browsing products on an eCommerce site. Cookies has helped us from logging in again and again every time you login. So if you sum these things, cookies are used primarily to make your experience better and shed the load from you wherever possible. But this is a very minute example of the scale cookies are used today.
As seen in the above image, a cookie can be anything from your preferred language to your gaming related data to the products in your cart.
Advancement of Cookies
The concept of cookies was developed for creating a better experience by saving little information as texts on the client’s machine. But as the concept became more and more demanding and successful, the usage of cookies increased many folds. Today, cookies are used from what you searched to even what you saved in your cart. Cookies are used today at an extreme level saving your information about various websites. Knowing this, it is obvious that the size of the information has increased. So developers have recognized that all the information cannot be saved in the client’s machine as it will increase the cookie size which is sent with requests and also will load the client’s machine. Therefore cookies are now saved in a different way. Now, if you visit a website, the website provide you with a cookie id which is uniquely recognizable by the server and saved in your system. This id is then linked to the database of the company where all your information is saved and then fetched from the database. This way cookies can be managed more efficiently and more securely.
In the above image, the cookie is linked with an id to the database of the website where all the data is fetched using that Id. You should not think that cookies today save only the id in your system. Cookies contain some information like login credentials and session time etc. But these are very minimal as compared to what cookies are actually linked to in the database of the website.
Security threats related to Cookies
Cookies as you must have come to know till now, saves your information to your machine. This information is highly personal to you and should only be retrieved by the server which saved it. Does it possess any security threats? Fortunately no. The following things should be kept in mind
- A cookie cannot be used by any other server as the id saved in your cookie is directly mapped to the website’s database.
- A cookie can never be used to access any information saved in your system, browser or hard disk.
- A cookie cannot be used to deliver viruses or any other threats.
A cookie but can be used by a third website (with permissions of course) to access the information and/or your preferences to use them for their and your benefit. To understand it a bit more, we should understand the types of cookies.
Types of Cookies
Cookies are of two types
First Party Cookies
First party cookie is the same cookie that we have discussed in this tutorial till now. These are the cookies which is accessed by the same website that saved it in your system to give you a better experience. For example a weather forecasting website may need this to show you your city’s weather every time you visit in the future.
Third party cookies
A third party cookie is saved for the use of advertisement companies to show you ads according to your preferences. These are not same as first party cookies but bits of information which shows your interests. For example you visited a news website. Now this website will save a third party cookie so that when you visit any other website in the future, ad placing company will know that you like news. Hence, you will get the news’ ads. This way third party cookies are also used for our better experience.
So, cookies are the very important part of internet today. I hope your concepts of cookies are clear after this tutorial. We will now try to analyse the cookies in Postman.