Storing data with a cookie

Two Different Models For A Reminder To Save Information

We have already discussed that a cookie is really just a name value pair of the site's choosing. Where a site wants to store a single discreet piece of information the cookie can be very straight forward, e.g. zip=90210 is a great way for a site to store a zip code, if that is the only piece of information it needs to reference on that browser.

Unfortunately if a site needs more information, perhaps a full mailing address to prepopulate a shipping address form we'd need an awful lot of cookies, e.g. fname=John, lname=Doe, add1=666 Mockingbird Lane, add2=Apt1, city=Los Angles, state=CA, zip=90210. In practice it becomes easier not to move all that data back and forth but rather for the server to issue a single cookie e.g. customer=JohnDoe or cus_id=abc123 and then for the server to keep an internal record that the address for cus_id abc123 is as above.

While there is no formal distinction for these 2 different ways of using cookies, it may be practical to refer to one as direct storage and the other as referential storage

Direct Storage Cookie

The data referenced by a Direct Storage cookie is usually pretty easy to understand by looking directly at the cookie. These cookies will tend to have a fairly self explanatory name value pairing, e.g. sex=male, zip=90210, langpref=english, age=24, etc. One common factor among cookies which access data this way is that they tend not to be unique. In other words, it is very unlikely that you would be the only one to have the exact same name/value pairing. In fact for a cookie like sex= you might expect about half the people to have one value and half to have the other :)

Referential Storage Cookie

By contrast referential cookies are almost always unique and users are rarely able to discern what the server can glean about them from the cookie simply by looking at it. If a cookie simply reads id=abc123 the meaning of the cookie is limited to all the other things "abc123" has been associated with. If it has been associated with an IP address and that IP address has been mapped to geo location, then equally the cookie is now mapped to geo location (if A=B & B=C then A=C) . If the cookie has been mapped to a form response that included name, address and email, then the cookie is now essentially a reference to those data points. This is particularly important as we start to think about the logging we previously described, because everything that is ever logged against a unique cookie is for the life of that cookie referenceable by that cookie.