Sun Java System Access Manager 7 2005Q4 Technical Overview

Cookies Store User Information

A cookie is an information packet generated by a web server and passed to a web browser. The cookie maintains information about the user’s interactions with the web server that generated the cookie. For example, a web server can generate a cookie containing information a web browser needs to display a page according to the user’s preferences for language or layout.

The fact that a web server generates a cookie for a user does not guarantee that the user is allowed access to protected resources. The cookie simply stores information about the user.

Cookies are domain-specific. For example, a cookie generated by a web server within DomainA cannot be used by a web server in DomainB. Cookies can be passed only between servers in the same domain in which the cookie was set. Similarly, servers can set cookies only on servers within their own domain.
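The domain rule above can be made concrete with the matching logic a browser applies under RFC 6265 (sections 5.1.3 and 5.3). This is an added example, not code from Access Manager; the host names, the cookie name `session` and its value are constructed, and public-suffix checks are left out.

```javascript
// Added example: cookie domain scoping as a browser applies it (RFC 6265).
// Host names and cookie values are constructed for illustration.

// IP addresses never match by suffix, only by exact equality.
const isIp = (h) => /^\d{1,3}(\.\d{1,3}){3}$/.test(h) || h.includes(":");

// RFC 6265 5.1.3: host matches if identical, or if it ends with "." + cookieDomain.
// The leading dot stops "evildomaina.example" from matching "domaina.example".
function domainMatch(host, cookieDomain) {
  host = host.toLowerCase();
  cookieDomain = cookieDomain.toLowerCase();
  if (host === cookieDomain) return true;
  return !isIp(host) && host.endsWith("." + cookieDomain);
}

// Handle a Set-Cookie received from responseHost.
// Returns the stored cookie, or null when the browser rejects it.
function storeCookie(responseHost, name, value, domainAttr) {
  if (!domainAttr) {
    // No Domain attribute: the cookie is bound to the exact host that set it.
    return { name, value, domain: responseHost.toLowerCase(), hostOnly: true };
  }
  const domain = domainAttr.replace(/^\./, "").toLowerCase();
  // A server may only set a cookie for a domain it belongs to.
  if (!domainMatch(responseHost, domain)) return null;
  return { name, value, domain, hostOnly: false };
}

// Decide whether a stored cookie is attached to a request for requestHost.
function shouldSend(cookie, requestHost) {
  const host = requestHost.toLowerCase();
  return cookie.hostOnly ? host === cookie.domain : domainMatch(host, cookie.domain);
}

// Constructed scenario: a server in DomainA sets a domain-wide cookie.
const shared = storeCookie("sso.domaina.example", "session", "opaque-token", "domaina.example");
for (const host of ["app.domaina.example", "www.domainb.example", "evildomaina.example"]) {
  console.log(host, "receives cookie:", shouldSend(shared, host));
}
// A server in DomainB trying to set a cookie for DomainA is rejected.
console.log("cross-domain set:", storeCookie("www.domainb.example", "session", "x", "domaina.example"));
```

A cookie set without a Domain attribute is narrower still: it goes back only to the exact host that set it, not to sibling servers in the same domain.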