Quiz

  1. Also, when a first time login happens and a cookie is set to remember someone's name, is this like a 'nickname' that doesn't have to be unique and just gives the web app something to refer to the user as, or is it more of a userID that is specific to the user? It seems like storing any unique data in cookies is not very secure, so I'm trying to figure out what data is appropriate for cookies.

    Great question. A cookie is just data. It depends on how the cookie is being used. If it's being used as a key into a database, or as an identifier, then, yes, it needs to be unique. But in other cases, it might not.

    Cookies aren't secure, but you have to ask whether they can be effectively tampered with. Consecutive UIDs would be bad. Random strings would be good.

  2. So, when one clears their browser cache, they're also requesting to delete the cookies?

    Usually, your browser will ask you whether you want to delete the cookies as well.

  3. With incognito mode, if you have a request.cookies.get in your code, will incognito mode cause issues?

    Another great question. Incognito mode clears stuff, including cookies, when the tab is closed. But until the tab is closed, the cookies work fine.

  4. Can you go over why we need Chrome DevTools?

    It makes it easier to debug if you can look at what the browser is seeing and sending.

  5. Do all cookies expire?

    Yes, though sometimes not for years and years, so effectively not.

  6. Do different browsers have different limitations for cookies? Are we expected to use cookies in this class?

    I assume there are differences, though the W3C sets minimum standards.

  7. Are we expected to use cookies in this class?

    Yes, though possibly not directly. Cookies are a building block of sessions, which you are required to use.

    You might only use sessions, but cookies are useful in their own right, and also worth knowing as a step towards sessions.

  8. Where does our browser save cookies?

    It depends on the browser. Almost certainly in a small SQL database stored on your laptop, probably in your home directory somewhere.

  9. Why does using a msg instead of flash() help avoid the session cookie?

    flash() uses cookies, so I wanted to avoid confusion.

  10. I didn't understand why you couldn't use the get-redirect-post method, could you explain that further?

    I could have, but I wanted to keep the example as simple as I could.

  11. Can I bring shortbread cookies to class?

    Yes please!
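
The point from the answer to question 1 (a cookie used as a key into a database should be a random string, not a consecutive UID), as an added example that is not part of the original quiz answers. The class names, `lookup` and `neighbours_reachable` are hypothetical, and the users are constructed sample data.

```python
import secrets


class SequentialIds:
    """Weak (hypothetical store): the cookie value is the next integer."""
    def __init__(self):
        self.rows = {}
        self.next_id = 1000

    def login(self, name):
        cookie = str(self.next_id)
        self.next_id += 1
        self.rows[cookie] = name
        return cookie


class RandomIds:
    """Better (hypothetical store): the cookie value is 32 random bytes."""
    def __init__(self):
        self.rows = {}

    def login(self, name):
        cookie = secrets.token_urlsafe(32)  # unguessable and unique in practice
        self.rows[cookie] = name
        return cookie


def lookup(store, cookie):
    """What the server does with an incoming cookie: use it as a database key."""
    return store.rows.get(cookie)


def neighbours_reachable(store, own_cookie, span=5):
    """Other users' rows that resolve when a client edits its own cookie by +/- span."""
    if not own_cookie.isdecimal():
        return []  # a random string has no "next" value to try
    base = int(own_cookie)
    return [name for d in range(-span, span + 1) if d != 0
            and (name := lookup(store, str(base + d))) is not None]


if __name__ == "__main__":
    for store in (SequentialIds(), RandomIds()):
        cookies = [store.login(n) for n in ("alice", "bob", "carol")]  # constructed users
        print(type(store).__name__, cookies[1][:12],
              neighbours_reachable(store, cookies[1]))
```

Both stores give every user a unique cookie value; only the random one keeps a user who edits their own cookie from landing on someone else's row.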