1
00:00:00,500 --> 00:00:05,770
Now, modern-day websites have many functionalities, such as authentication, authorization and so on,

2
00:00:06,620 --> 00:00:13,760
and by having these, websites will then provide us with what we need so that we can do almost everything

3
00:00:13,760 --> 00:00:14,200
online.

4
00:00:15,180 --> 00:00:22,620
Now, they can also follow you, remember your choices, preferences. Seems convenient, but it goes well

5
00:00:22,620 --> 00:00:23,580
beyond just this.

6
00:00:24,600 --> 00:00:25,740
So the question is:

7
00:00:27,210 --> 00:00:28,970
How do they accomplish it?

8
00:00:29,820 --> 00:00:36,930
So that means that we can look at the HTTP more closely in order to understand how web applications manage

9
00:00:36,930 --> 00:00:37,320
all this.

10
00:00:39,700 --> 00:00:46,780
So, as you know, HTTP is a connectionless client-server protocol where the server and the client

11
00:00:46,780 --> 00:00:48,530
exchange and process data.

12
00:00:49,000 --> 00:00:53,320
So basically the client requests and the server responds.

13
00:00:54,670 --> 00:01:00,430
And all these requests of the client are independent of each other by design of HTTP.

14
00:01:01,690 --> 00:01:07,330
So when the web browser makes the next request, this is completely unrelated to the previous one.

15
00:01:08,390 --> 00:01:17,240
See, so that's why the server needs a mechanism to bind these requests if it does such tasks like adding

16
00:01:17,240 --> 00:01:24,320
an item to a user's shopping cart or, well, doing anything that needs to be authenticated and stuff

17
00:01:24,320 --> 00:01:24,670
like that.

18
00:01:25,980 --> 00:01:32,760
So the most widely used technique to save the user's state and exchange any metadata with a client is

19
00:01:32,760 --> 00:01:35,910
through these cookies set by the server.

20
00:01:37,300 --> 00:01:42,760
So servers can assign cookies in order to continue their interaction with a client.

21
00:01:43,640 --> 00:01:49,070
So then after the initial request, the server issues a client a cookie by setting the Set-Cookie

22
00:01:49,070 --> 00:01:51,680
field in the HTTP response header.

23
00:01:52,610 --> 00:01:58,220
And when a client receives this header, it will store the value of the cookie and then you see what

24
00:01:58,220 --> 00:01:59,000
happens next.

25
00:01:59,820 --> 00:02:06,780
It will automatically send this value with subsequent requests to the same server by just adding this

26
00:02:06,780 --> 00:02:07,440
Cookie header.

27
00:02:08,340 --> 00:02:14,730
So by doing it this way, the server can treat their clients uniquely, as well as being able to follow

28
00:02:14,730 --> 00:02:15,980
the user's behaviors.

29
00:02:16,730 --> 00:02:24,320
So by assigning cookies, HTTP gains a stateful position and makes every client or user unique.

30
00:02:25,160 --> 00:02:31,160
Now the web server or the owner of the web application can assign many cookies to the client for any

31
00:02:31,160 --> 00:02:31,660
purpose.

32
00:02:32,490 --> 00:02:38,490
But the most important cookie is the one used for tracking the users, and that's called the session

33
00:02:38,490 --> 00:02:42,120
ID in our terminology.

34
00:02:43,500 --> 00:02:50,760
So as soon as a user is authenticated with a valid username and password, a unique random session ID

35
00:02:50,760 --> 00:02:52,080
is assigned to that user.

36
00:02:53,170 --> 00:02:59,500
And this session ID should be included in each and every request that's made by the client.

37
00:03:00,890 --> 00:03:07,280
So then the server would tie the request to the authenticated user. Cookies normally consist of

38
00:03:07,280 --> 00:03:11,390
a name-value pair where the value does not contain any space.

39
00:03:12,590 --> 00:03:17,870
Also, the server can assign multiple cookies by adding multiple Set-Cookie headers.

40
00:03:18,950 --> 00:03:25,970
And multiple cookies are sent back to the server in the same Cookie header, separated by a semicolon.

41
00:03:27,120 --> 00:03:33,720
And we're going to talk more about the security of cookies and their configurations in later sections.