Cookie

An HTTP Cookie (also called web cookie, Internet cookie, browser cookie or simply cookie) is a small piece of data sent from a website and stored in the user's web browser while the user is browsing.

Cookies were designed to be a reliable mechanism for websites to remember stateful information (such as items added to the shopping cart in an online store) or to record the user's browsing activity (including clicking particular buttons, logging in, or recording which pages were visited in the past). They can also be used to remember arbitrary pieces of information that the user previously entered into form fields such as names, addresses, passwords, and credit card numbers.

Other kinds of Cookies perform essential functions in the modern web. Perhaps most importantly, Authentication cookies are the most common method used by web servers to know whether the user is logged in or not, and which account they are logged in with.

Without such an Authentication Method, the site would not know whether to send a page containing sensitive information, or require the user to authenticate themselves by logging in.

The security of an Authentication cookie generally depends on the security of the issuing website and the user's web browser, and on whether the cookie data is encrypted. Security vulnerabilities may allow a Cookie's data to be read by a hacker, used to gain access to user data, or used to gain access (with the user's credentials) to the website to which the Cookie belongs (see cross-site scripting and cross-site request forgery for examples).[1]
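
The following is an added example, not part of the original page: a small audit of `Set-Cookie` header values for the attributes that limit what cross-site scripting and cross-site request forgery can do with an Authentication cookie. The `HttpOnly`, `Secure` and `SameSite` attributes are standard cookie attributes that the page itself does not name; the cookie names and values are constructed sample data.

```python
# Added example: audit Set-Cookie header values for the attributes that
# limit how XSS and CSRF can abuse an authentication cookie.
# All cookie names and values below are constructed sample data.

def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, attributes)."""
    first, *rest = [p.strip() for p in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def audit_cookie(header):
    """Return (cookie name, findings) for one Set-Cookie value."""
    name, _, attrs = parse_set_cookie(header)
    findings = []
    if "httponly" not in attrs:
        findings.append("no HttpOnly: page script (and injected XSS) can read it")
    if "secure" not in attrs:
        findings.append("no Secure: cookie can travel over unencrypted HTTP")
    samesite = attrs.get("samesite", "").lower()
    if samesite == "none":
        findings.append("SameSite=None: attached to cross-site requests (CSRF)")
    elif samesite not in ("lax", "strict"):
        findings.append("no SameSite: cross-site sending is left to browser defaults")
    return name, findings


SAMPLE_HEADERS = [  # constructed examples
    "SESSIONID=3f9a1c; Path=/",
    "SESSIONID=3f9a1c; Path=/; Secure; HttpOnly; SameSite=None",
    "SESSIONID=3f9a1c; Path=/; Secure; HttpOnly; SameSite=Lax",
]

if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        name, findings = audit_cookie(header)
        print(header)
        for finding in findings or ["ok"]:
            print("   ", name + ":", finding)
```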

Tracking Cookies, and especially third-party tracking Cookies, are commonly used as ways to compile long-term records of individuals' browsing histories – a potential privacy concern that prompted European[2] and U.S. lawmakers to take action in 2011.[3][4] European law requires that all websites targeting European Union member states gain "Informed Consent" from users before storing non-essential Cookies on their device.

Besides Privacy Considerations, cookies also have some technical drawbacks. In particular: If more than one browser is used on a computer, each usually has a separate storage area for cookies. Hence a Cookie does not identify a person, but a combination of a user account, a computer, and a web browser. Thus, anyone who uses multiple accounts, computers, or browsers has multiple sets of cookies.

Likewise, cookies do not differentiate between multiple users who share the same user account, computer, and browser.

The use of cookies may generate an inconsistency between the state of the client and the state as stored in the Cookie.

If the user acquires a Cookie and then clicks the "Back" button of the browser, the state on the browser is generally not the same as before that acquisition.

As an example, if the shopping cart of an online shop is built using cookies, the content of the cart may not change when the user goes back in the browser's history: if the user presses a button to add an item in the shopping cart and then clicks on the "Back" button, the item remains in the shopping cart. This might not be the intention of the user, who possibly wanted to undo the addition of the item. This can lead to unreliability, confusion, and bugs. Web developers should therefore be aware of this issue and implement measures to handle such situations.

Cookie Ldapwiki refers you to europa: Cookies

With server-side sessions you will either have to store the Session ID in a database, or else keep it in memory and make sure that the client always hits the same server (Session Affinity).

Both of these have drawbacks. In the case of the database (or other centralized storage), this becomes a bottleneck and a thing to maintain - essentially an extra query to be done with every request.
