Should a cookie header be set for each response?

Suppose you are running sessions.

You check to see if the browser contains a session cookie. If so, you authenticate the cookie and find the user with whom the session is associated and proceed to processing the request.

If you did not find the session cookie, you create a new session and send the cookie to the browser, which you expect to receive on subsequent requests.

Now my question is: if you found a session cookie in the request, could you please resend the same cookie in the response? Under what circumstances is this right?

Note. I set this up as a Pyramid programmer (Python) because the Pyramid implementation unconditionally sends session cookies to each response. (go to code)

+5
2 answers

As a rule, you do not need to set a cookie for each response. The browser already has a cookie and it will continue to send it to the server if it is still valid.

In particular, a Pyramid session cookie is set for each request because it contains a secret and a timeout that can expire separately from the usual cookie expiration mechanisms. By setting a new cookie every time, Pyramid receives an updated timestamp to indicate that the session is still fresh. In other words, the set of cookies is different every time.

+8
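The refresh-on-every-response behaviour described in the answer above can be sketched as follows. This is an added example, not code from the original post and not Pyramid's own implementation; the names `SECRET`, `TIMEOUT`, `issue_cookie`, `load_cookie` and `handle_request`, and the cookie layout, are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json

SECRET = b"constructed-demo-secret"  # assumption: server-side signing key
TIMEOUT = 1200                       # assumption: idle timeout in seconds


def issue_cookie(session, now):
    """Serialize the session with a fresh 'accessed' timestamp and sign it."""
    body = json.dumps({"accessed": now, "data": session}, sort_keys=True)
    payload = base64.urlsafe_b64encode(body.encode())
    sig = hmac.new(SECRET, payload, hashlib.sha256).hexdigest()
    return payload.decode() + "." + sig


def load_cookie(value, now):
    """Return the session dict, or None if forged, malformed or idle too long."""
    try:
        payload, sig = value.rsplit(".", 1)
        expected = hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()
        # Constant-time comparison; verify the signature before parsing.
        if not hmac.compare_digest(sig.encode(), expected.encode()):
            return None
        body = json.loads(base64.urlsafe_b64decode(payload))
    except (ValueError, AttributeError):
        return None
    # The timeout is enforced from the signed timestamp, independently of
    # whatever expiry the browser applies to the cookie itself.
    if now - body["accessed"] > TIMEOUT:
        return None
    return body["data"]


def handle_request(cookie, now):
    """Validate the incoming cookie, then always reissue it with a new timestamp."""
    session = load_cookie(cookie, now) if cookie else None
    if session is None:
        session = {}  # forged, expired or absent: start a new empty session
    # The Set-Cookie value differs on every response because 'accessed' changed.
    return session, issue_cookie(session, now)


if __name__ == "__main__":
    first = issue_cookie({"user": "alice"}, now=1000)      # constructed sample
    session, refreshed = handle_request(first, now=1600)
    print(session, refreshed != first)
    print(load_cookie(first, now=2201), load_cookie(refreshed, now=2201))
```

If the server did not reissue the cookie, the first value would be rejected once the idle timeout passed, even though the browser would still be sending it.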

