If you’re ever stuck wondering why Live HTTP Headers and Firebug are telling you your “Cookie:” request headers don’t match the “Set-Cookie:” response headers you’ve just been sent, here’s a couple of points and gotchas worth remembering:
- A cookie can only be overwritten (or deleted) by a subsequent cookie exactly matching the name, path and domain of the original cookie. Even though a cookie with domain “.example.org” set by www.example.org is perfectly valid, it will not overwrite a previous cookie of the same name which was set against “www.example.org”. Instead, both cookies will be stored, and on subsequent requests only one will be sent.
- If multiple cookies of the same name match a given request URI, one is chosen by the browser.
The more specific the path, the higher the precedence. However precedence based on other attributes, including the domain, is unspecified, and may vary between browsers. This means that if you have set cookies of the same name against “.example.org” and “www.example.org”, you can’t be sure which one will be sent back.
- The HTTP state object is called a cookie
for no compelling reasonaccording to the preliminary specification from Netscape.
Get started with Laravel 5.2
User Interface Design with Sketch 4
Create your next web project with Sketch
Diving into ES2015
Get ahead of the curve with ES2015
Rails: Novice to Ninja
The ultimate beginner's guide to Rails!
Designing UX: Forms
Design forms that won't drive users crazy
Bootstrap: A SitePoint Anthology #1
Dive into the the popular front-end framework with this 106 page anthology!