[MUSIC] Normally, the client controls almost all aspects of the communication in HTTP. And when I say controls, I mean, it's the driver and instigator of the communication and what messages it sends to the server. But occasionally it would be helpful for the server to provide a hint to the client, about data that it would like the client to provide in future requests. So, for example, let's say that you go to a banking website, or a website like Amazon, and you log in. Sometimes those websites and servers, would like to provide a little data indicating that you have logged in, and that you can provide to the server, in order to prove that you actually logged in. Because you're sending a series of requests to the server. And on the server's side, it needs some way of figuring out that you are the same client that sent the previous request. Because you are going to send a request and then you may go away for some period of time and come back and the server would like to remember, for example, that you are logged in. But in order to do that, typically it needs to tell you to send some data to it, to prove that you previously logged in. So, how does the server go about indicating data that the client should store for the server and send back to the server in the future, to help it figure out who the client it or figure some state, regarding the client. The way that we do this in HTTP is through a mechanism called cookies. And what cookies are, are they are very small limited pieces of data, that the server sends back to the client and asks the client to remember on its behalf and then send in future request. Now because the server's sending this back to the client, and the client could be a mobile phone, or it could be a very powerful computer, the specification for cookies is designed to be limited, it's supposed to be a little bit of data. We don't want to overwhelm the client with the data that we're asking it to store. We don't want to send back terabytes of data and ask the client to store them on the server's behalf. So, Cookies are very small pieces of data, that get sent back to the client. And typically the way that cookies are delivered to the client is a header is placed into the response of that the server is sending back to the client. And what happens then is the client reads the cookie header, extracts a little bit of data that the server is asking it to store and then places it into a temporary storage. And then, on future request, when the client sends the request, it will place the cookie back into the headers, that it's sending to the server. So, the server can access that data again and for example, automatically identify that this is the same client that previously logged in or same client that previously added a particular item to its shopping cart. So cookies are important for a topic that we'll talk about later in the course, called sessions. Now, another important thing to note is that cookies, the server can try to give hints to indicate what the client should do in terms of how long it should store that data and the sensitivity and security regarding that data. So for example, cookies typically have an expiration date attached to them. And that's a time at which the server wants the client to forget the cookie and stop sending it with its request to the server. So for example, there's probably a limited amount of time that the server would like to register, you as being logged in. So, it wants to indicate to the client, at some point, it should forget about sending that cookie to you anymore because the server isn't going to register it as being a valid session or a log in anymore. Similarly, there are certain Cookies for example, that we don't want to transmit unencrypted in HTTP request. Normally we just send HTTP requests over the internet and we don't encrypt them. And there's another variant of HTTP that we'll talk about later called HTTPS, where we do encrypt the data that we are sending in order to protect it. But if we want to make sure that a cookie is protected, we can say for example, client only send this cookie back to the server if a secure link, or an HTTPS communication protocol is being used to talk to the server. So there's a variety of different indications that the server can provide to the client on how to handle the cookie, and what is the right way to store it, how long to store it, and when to send it or not send it, back to the server. And so, all of these things are very important for some of the concepts that we'll be talking about later when we need to remember a little bit of data for the servers, so that it can help figure out which client is which.
