The HTTP Cookie request header carries the HTTP Cookies that the server previously sent to the client.
The Cookie request header is included in a client request to transmit data to the server. Cookies originate on the server side and are sent to the client for use in future HTTP requests. They have myriad use cases, but Cookies are often used to maintain state and identify specific users. For example, after authenticating with a website, an authorization token can be returned as a Cookie and subsequently used by the client for access control and authentication.
Multiple Cookies can be included either on different lines or, instead, in a comma-delimited format on a single line. The directive includes the name of the Cookie and its value. The syntax is as follows:
In this example, the server includes several Cookies for the client to store. In subsequent HTTP requests, the client sends all of the Cookies back to the server using the Cookie request header field. The two exceptions are screenmode, which will not be sent after January 1st, 2023, and job, which will only be sent for the next hour.
Response
HTTP/1.1 200 OK
Set-Cookie: screenmode=dark; Expires=Sun, 01 Jan 2023 12:00:00 GMT
Set-Cookie: job=111; Max-Age=3600; Secure; HttpOnly
Request (shortly after)
GET / HTTP/1.1
Cookie: items=16; headercolor=blue; screenmode=dark; job=111
Request (more than an hour later but before January 1st, 2023)
GET / HTTP/1.1
Cookie: items=16; headercolor=blue; screenmode=dark
The Cookie header is used as part of a mechanism that servers have for storing data on a client, generally used to identify the client.
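The expiry behaviour in the example above can be reproduced with a small client-side cookie store. This is an added example, not code from the original page; the receipt time and the Set-Cookie lines for items and headercolor are assumptions, since the page shows those two cookies only in the request.

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

# Constructed sample. The items and headercolor Set-Cookie lines are assumed;
# the page shows those cookies only in the request.
SET_COOKIE_HEADERS = [
    "items=16",
    "headercolor=blue",
    "screenmode=dark; Expires=Sun, 01 Jan 2023 12:00:00 GMT",
    "job=111; Max-Age=3600; Secure; HttpOnly",
]
RECEIVED_AT = datetime(2022, 12, 31, 10, 0, tzinfo=timezone.utc)  # assumed

def parse_set_cookie(value, received_at):
    """Turn one Set-Cookie value into a record with an absolute expiry."""
    pair, *attrs = [part.strip() for part in value.split(";")]
    name, _, val = pair.partition("=")
    cookie = {"name": name, "value": val, "expires": None, "secure": False}
    has_max_age = False
    for attr in attrs:
        key, _, arg = attr.partition("=")
        key = key.strip().lower()
        if key == "max-age":
            # Max-Age is relative to receipt and overrides Expires.
            cookie["expires"] = received_at + timedelta(seconds=int(arg))
            has_max_age = True
        elif key == "expires" and not has_max_age:
            cookie["expires"] = parsedate_to_datetime(arg.strip())
        elif key == "secure":
            cookie["secure"] = True
    return cookie

def cookie_header(jar, now, https=True):
    """Build the Cookie header value a client would send at time `now`."""
    live = [c for c in jar
            if (c["expires"] is None or now < c["expires"])
            and (https or not c["secure"])]
    return "; ".join(f"{c['name']}={c['value']}" for c in live)

JAR = [parse_set_cookie(h, RECEIVED_AT) for h in SET_COOKIE_HEADERS]

if __name__ == "__main__":
    for label, delta in [("shortly after", timedelta(minutes=1)),
                         ("two hours later", timedelta(hours=2)),
                         ("after the Expires date", timedelta(days=2))]:
        print(f"{label}: Cookie: {cookie_header(JAR, RECEIVED_AT + delta)}")
    print("over plain HTTP:", cookie_header(JAR, RECEIVED_AT, https=False))
```

The last call shows that the Secure attribute keeps job out of requests sent over plain HTTP. HttpOnly does not change what is sent; it only hides the cookie from client-side scripts.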