Persistent state, client side cookies were introduced by Netscape Navigator to enable a server to store client-specific information on the client's machine, and use that information when a server or a particular page is accessed again by the client. The cookie mechanism allows servers to personalize pages for each client, or remember selections the client has made when browsing through various pages of a site--all without having to use a complicated (or more time-consuming) CGI/database system on the server's side.
Cookies work in the following way: When a CGI program identifies a new user, it adds an extra header to its response containing an identifier for that user and other information that the server may glean from the client's input. This header informs the cookie-enabled browser to add this information to the client's cookies file. After this, all requests to that URL from the browser will include the cookie information as an extra header in the request. The CGI program uses this information to return a document tailored to that specific client. The cookies are stored on the client user's hard drive, so the information remains even when the browser is closed and reopened.
A cookie is created when a client visits a site or page for the first time. A CGI program will look for previous cookie information in the client request, and if it is not there, will send a response containing a Set-Cookie header. This header contains a name/value pair (the actual cookie) which comprises the special information you want the client to maintain. There are other optional fields you may include in the header.
The Set-Cookie header uses the following syntax:
Set-Cookie: name=value; expires=date; path=pathname; domain=domain-name; secure
Multiple Set-Cookie headers may be included in the server response. The name=value pair is the only required attribute for this header, and it should come first. The remaining attributes can be in any order and are defined as follows: