Put simply, cookies are used to exchange information between the client and the server. The server also recognizes a client's requests by their cookies. Generally, the web server and the client interact as a client-server system: data is stored on the server, and the client can access that data on request. A cookie can store only 4KB of data, and the limit of cookies per domain is 20. Typically, a web browser functions as the client, requesting the desired data from servers. The browser and the server communicate with each other over HTTP. HTTP stands for Hypertext Transfer Protocol, a standard application protocol that supports web browsers' requests and responses. HTTP is stateless: all requests routed to a server look the same, and the server is not able to determine whether a request coming from a client belongs to an existing exchange or is a new one. The figure below showcases the cookie exchange between the client and the server when cookies are used in online shopping. The mechanism is also described below.
Step 1 & 2: First, the client requests information from Boytoys.com by specifying the URL in a browser. The web browser establishes a TCP connection to the server pool or web server through its IP address. Then, the browser acknowledges the TCP connection and transfers an HTTP request to the server in order to retrieve the content. The cookie is stored for future use, so that when the same site is requested again the web browser uses the previous connection utilities. In the second stage, the server confirms the request made by the web browser and includes the set-cookie id 12343. The server responds to the web browser by returning the search result. In this case, the server responds by returning the home page along with pages representing toys. The server's response also comprises all relevant content about the toys. One of the cookies sent by the server is known as the session cookie. It is produced in this step, and it is deleted when the client shuts down the program or backs out of the page, as there is no particular expiry time for the session cookie. The other cookie is known as the session token, which contains attributes that instruct the browser to remove the cookie after a certain amount of time.
Step 3 & 4: In the third stage, the browser makes another request to get a certain image of a toy on the website. This request also contains a cookie along with an HTTP header. The web browser uses the same set-cookie 12343. The client uses the same id in order to tell the server that the new request is associated with the previous request. After acknowledgement, the server transfers a cookie to the web browser. This cookie consists of a cookie header. The system initiates the response while modifying the existing cookie or adding new ones. In this case, the user sends a request to the server to get a certain image associated with the boy toys that the client wants to buy from the website. The server responds with the desired page, consisting of the required image along with the price. At this stage, the client has the capability to modify the cookie, by modifying the existing cookie or adding new ones. Then, the browser adds the new cookie value by replacing the old value.
Step 5 & 6: At stage five, the client makes a further request for payment details in order to confirm the booking. This request also contains a cookie along with an HTTP header. The web browser uses the same set-cookie 12343. The client uses the same id in order to tell the server that the new request is associated with the previous request. After acknowledgement, the server sends a cookie to the web browser. This cookie consists of a cookie header. The system initiates the response while modifying the existing cookie or adding new ones. In this case, the client sends the request to get the payment details associated with a certain toy. Then, the server responds with the desired payment details and a confirmation of the payment, which are necessary to proceed with the payment to be made for the item. Further, the browser adds new values by replacing or modifying the old value.
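The six steps above, replayed as an added example that is not part of the original article: a minimal browser-side cookie store receives the id 12343 together with a second cookie that has an expiry time, returns both on later requests, replaces a value, and drops the session cookie when the browser closes. The class `CookieJar`, the cookie name `token`, its values and the timestamps are constructed for illustration.

```python
from http.cookies import SimpleCookie


class CookieJar:
    """Minimal browser-side cookie store for one site (constructed for this example)."""

    def __init__(self):
        # name -> (value, expiry timestamp); expiry None marks a session cookie
        self.cookies = {}

    def store(self, set_cookie_headers, now):
        """Apply a response's Set-Cookie headers; the same name replaces the old value."""
        for header in set_cookie_headers:
            parsed = SimpleCookie()
            parsed.load(header)
            for name, morsel in parsed.items():
                max_age = morsel["max-age"]  # empty string when the attribute is absent
                expires_at = now + int(max_age) if max_age else None
                self.cookies[name] = (morsel.value, expires_at)

    def cookie_header(self, now):
        """Build the Cookie request header from the cookies that have not expired."""
        self.cookies = {n: c for n, c in self.cookies.items()
                        if c[1] is None or c[1] > now}
        return "; ".join(f"{n}={c[0]}" for n, c in self.cookies.items())

    def close_browser(self):
        """Session cookies (no expiry time) are dropped when the browser shuts down."""
        self.cookies = {n: c for n, c in self.cookies.items() if c[1] is not None}


def run_exchange():
    """Return the Cookie header the browser sends at each point in the exchange."""
    jar, sent = CookieJar(), []
    # Steps 1 & 2: the first request carries no cookie; the response sets id 12343.
    sent.append(jar.cookie_header(now=0))
    jar.store(["id=12343; Path=/", "token=a1; Max-Age=3600; Path=/"], now=0)
    # Steps 3 & 4: the image request returns the id; the response replaces one value.
    sent.append(jar.cookie_header(now=10))
    jar.store(["token=b2; Max-Age=3600; Path=/"], now=10)
    # Steps 5 & 6: the payment request sends the same id and the updated value.
    sent.append(jar.cookie_header(now=20))
    # Browser closes: only the cookie that carries an expiry time survives.
    jar.close_browser()
    sent.append(jar.cookie_header(now=30))
    # Once the expiry time is reached, nothing is sent.
    sent.append(jar.cookie_header(now=10 + 3600))
    return sent


if __name__ == "__main__":
    for header in run_exchange():
        print(repr(header))
```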