Cookies and Session Tracking Client Identification cookie与会话跟踪 客户端识别

w

HTTP The Definitive Guide

Cookies can be used to track users as they make multiple transactions to a web site. E-commerce web
sites use session cookies to keep track of users' shopping carts as they browse. Let's take the example
of the popular shopping site Amazon.com. When you type http://www.amazon.com into your browser,
you start a chain of transactions where the web server attaches identification information through a
series of redirects, URL rewrites, and cookie setting.
Figure 11-5 shows a transaction sequence captured from an Amazon.com visit:
•

Figure 11-5a—Browser requests Amazon.com root page for the first time.
•

Figure 11-5b—Server redirects the client to a URL for the e-commerce software.
•

Figure 11-5c—Client makes a request to the redirected URL.
•

Figure 11-5d—Server slaps two session cookies on the response and redirects the user to
another URL, so the client will request again with these cookies attached. This new URL is a
fat URL, meaning that some state is embedded into the URL. If the client has cookies
disabled, some basic identification can still be done as long as the user follows the
Amazon.com-generated fat URL links and doesn't leave the site.
•

Figure 11-5e—Client requests the new URL, but now passes the two attached cookies.
•

Figure 11-5f—Server redirects to the home.html page and attaches two more cookies.
•

Figure 11-5g—Client fetches the home.html page and passes all four cookies.
•

Figure 11-5h—Server serves back the content.

 

Figure 11-5. The Amazon.com web site uses session cookies to track users

用会话cookie跟踪用户