Set-Cookie Header

The server sends cookies to the browser by adding the "Set-Cookie: cookie-name = cookie-value" HTTP header to the response. The browser saves cookies on the user's computer, and then sends them back to the server by adding the "Cookie: saved-cookie" header to the request.

Set-Cookie Example
HTTP/1.1 200 OK
Set-Cookie: theme=light
Set-Cookie: authToken=Fb2#fhyYxa7@ed;
Content-Type: text/html; charset=utf-8

There are several types of cookies:
  • Session Cookies: will be deleted when the user closes the browser.
  • Persistent Cookies: they expire on a specific date or after a certain period of time.
  • Http-Only Cookies: not available for client APIs such as the JavaScript Document.cookie API.
  • Secure Cookies: can only be transmitted over HTTPS.
  • Same-Site Cookies: the browser will only send cookies of the same site to the same site on which they are set.

Read more about cookies.