[ACCEPTED]-Can One Domain Have Multiple Cookies?-cookies

Yes :)

I would speculate that the cookies 10 were created by separate components of the 9 website, which were created by separate 8 teams of developers. We, of all people, should 7 realize that this is often the case when 6 we need to get some development done but 5 do not have time to wait for collaboration 4 or for another team to develop a necessary 3 layer for us.

From wikipedia:

Relevant count 2 of maximum stored cookies per domain for 1 the major browsers are:

• Firefox 3.0: 50
• Opera 9: 30
• Internet Explorer 7: 50

Can one domain generate multiple cookies 8 on visitor's web browser?

Yes. The exact 7 limit depends on the browser, Internet Explorer used to accept 20 but increased this to 50.

If so, when 6 user vists the website, which cookies will 5 be delivered to server?

All of them

And why 4 would a website generate multiple cookies?

So 3 that you don't need to serialise all the 2 data (which could be from unrelated parts 1 of the system) in one cookie.

A cookie is just a single key/value pair, with 3 optional domain, path, expiration and access 2 settings.

Reasons to separate data into separate 1 cookies include:

• Easier to maintain code - various bits of the site that need to store state don't need to interoperate with each other to pack it all into one cookie.
• Easier user management - the end user (you) can see more easily what is stored, and can selectively delete certain cookies.
• Different usages - for example, a cookie holding your session key can be marked secure; httpOnly;, while cookies that hold UI preferences can still be accessed via javascript.
• Reduce request size - if some cookies are only used for certain pages, the path property can be used so they aren't sent unnecessarily for pages they aren't needed on.

A server can specify any number of cookies 12 and each cookie is specified in its own 11 Set-Cookie header.

Each Set-Cookie header contains at least 10 the CookieName=CookieValue pair, and may contain other key=value pairs 9 in addition to either a secure or httpOnly attribute. These 8 additional pairs and attributes are metadata 7 referring to the actual cookie and cannot 6 be used to set additional cookies.

When a 5 client sends cookies back to a server it 4 combines them all into a single Cookie header. This 3 is possible because the client never sends 2 the metadata back, only the cookie name 1 and value.

Consider this HTTP exchange:

GET / HTTP/1.1
Host: www.example.com

HTTP/1.1 302 Found
Location: http://www.example.com/index.html
Set-Cookie: UserID=12345; Expires=Wed, 09 Jun 2021 10:18:14 GMT; domain=.example.com;path=/index.html; httpOnly`
Set-Cookie: SessionID=6478; domain=.example.com;path=/index.html; httpOnly
Set-Cookie: foo=bar

GET /index.html HTTP/1.1
Host: www.example.com
Cookie: UserID=12345; SessionID=6478; foo=bar

When you write a program, do you use just 3 one variable? No, right?

Same principle here 2 - cookies are just key/value pairs that 1 your program (server/client) can use.

Yes, one domain can generate many cookies. The 1 maximum number varies by browser.

-Every site can create any number of cookies 6 it desires. (But it seams this may vary 5 from browser to browser)

-When the user visits 4 the web site all active cookies will be 3 sent.

-It makes sense to have multiple cookies 2 to store separate data. In an extreme comparison 1 compare cookies to classes ;)