The fact is that cookies have some limitations:
Cookies are tied to domains, usually the domain that sent the cookie.
Cookies can be tied to paths on the web server.
A cookie contains only text information, 4096 bytes at max (including the cookie name and the
=character between the name and value).
Browsers must only accept up to 20 cookies per domain and 300 cookies in total (although some browsers accept more).
The (unofficial) cookie specification goes back to Netscape and is still available at
http://wp.netscape.com/newsref/std/cookie_spec.html. There have been attempts to create a special Request for Comment (RFC) for next-generation cookies, but this hasn't found any reasonable browser support yet.
Cookies are sent as part of the HTTP header. If a cookie is set, the HTTP header entry
Set-Cookie is created. The name and value of the cookie (both strings) follow and, optionally, further information such as expiration date, domain, and path of the cookie. For instance, when visiting
http://www.php.net/, the PHP website sends this header entry (your mileage may vary, especially in terms of the language and IP address used):
Set-Cookie: COUNTRY=DEU%2C188.8.131.52; expires=Thu, 19-May-05 15:23:29 GMT; path=/; domain=.php.net
When the browser (or the user) accepts the cookie, it is then sent back to the server in the HTTP header
A cookie can have an expiration date. If that is set, the cookie lives up to this date (at most) and is a so-called persistent cookie. After that, the browser automatically deletes the cookiebut this could also happen earlier, for instance when the maximum number of cookies in the browser is reached and the oldest cookies are purged. If, however, no cookie expiration date is set, a so-called session cookie or temporary cookie has been created. This lives as long as the web browser is running. When it is closed, the cookie is deleted.
To actually see the HTTP headers, you could use special extensions to standard web browsers. For Mozilla browsers (including Firefox), the LiveHTTPHeaders extension available at
http://livehttpheaders.mozdev.org/ is a real time-saver. Users of Microsoft Internet Explorer might be interested in installing ieHTTPHeaders, an Explorer bar available from
http://www.blunck.info/iehttpheaders.html. Figure shows some of the output the Firefox extension shows when accessing the PHP home page.
Cookies are set as part of the HTTP header.