Web Cookie Cutting

photo of John Michael Pierobon By: John Michael Pierobon

This is a follow up to my previous article on cookies. In it I mentioned that cookies are a method by which Web servers both store and retrieve information on the browser, and I also explain how to configure your browser to accept or reject cookies.

A protocol is a method by which two computers agree to communicate. As human beings, we use language as a protocol. For instance, in this article, written English is our protocol, or method of communication. On the Web, it is through an application protocol called HyperText Transfer Protocol (HTTP) that browsers and Web servers communicate.

Cookies are needed for many important Web applications, such as shopping carts, search engines, and Web-based electronic mail. Persistence is achieved through cookies. Persistence refers to transactions from a browser that must be processed by the same Web server to ensure the integrity of each transaction. Maintaining all items placed into a shopping cart or the actual credit card processing of the items in the shopping cart are examples of where persistence is required.

Cookies are also used to identify each request. Although each HTTP header request contains the IP (Internet Protocol) address of the requesting system, many times it is of a proxy server making the request on your behalf.

AOL is the classic example because they use proxy servers to access the Internet. Multiple users can enter a Web site with an identical IP address. In the case of AOL, multiple proxy servers are used. So there is a potential for the same user to go through a different proxy server as the user clicks through a Web site adding to the shopping cart. Without cookies it would be impossible to keep track of what is in the shopping cart or what pages have been visited.

Large Web sites with lots of traffic use multiple Web servers to balance the load. Traditional load balancing uses the IP address of the source to bind user sessions to a specific Web server. Thus traffic entering a Web site from AOL, or any other multiple proxy site, can wreak havoc because all traffic is bound to the same server.

Because routers and Layer 3 switches cannot read cookies nor track entire Web sessions, a new device called a "Web switch" has entered the market. Web switches have been designed around a distributed processing architecture that uses dedicated processors (typically two or more) on each switch port. These processors operate independently, handling the parsing and binding of all Web sessions. Thus, Web switches support content-intelligent processing functions.

This ability to capture, parse, and switch traffic based on HTTP cookies is called "cookie cutting". It is also called "cookie switching".

Cookie cutting gives large Web sites control over user traffic, and new options for providing customizing Web services. For example, if you are a frequent shopper at a particular Web site, a Web switch can examine your cookie, and determine that your request should be processed by the fastest server at the Web site.

In conclusion, cookie cutting is a significant step forward in bringing innovative new services to Web users while giving more control and flexibility to network administrators.

John Michael Pierobon is an Internet consultant based in Fort Lauderdale.
John Michael may be reached by sending electronic mail to pierobon@pierobon.org

Home | Résumé | Courses | Comments | HTML | Definitions | Articles | Books

Thank you for visiting.

© 2000 - 2006 John Michael Pierobon