Django Cookies Handling

2022.06.21

This article was published more than a year ago. Please note that the information may be out of date.

Learn how to set up cookies in Django.

Django lets us work with cookies, which make it possible to store and retrieve data that is saved in sessions. These cookies have an expiration date and are deleted after a specified amount of time has passed. Whenever we log in to a web page or application, the site asks to store our user ID and password and auto-fills a few details based on our previous logged-in sessions. This is all done using cookies. Similarly, we can store cookies on the client side to make things easier for end users.

What are cookies in Django

Cookies, also known as HTTP cookies, are small text files that the browser creates and maintains in response to a specific web server request. The browser saves them locally, and most browsers will show you the cookies that have been generated under the Privacy and Security settings. When a request is sent to a server over HTTP, the server cannot tell whether the user is new or has visited the site before. If you log in to a website, the website sends cookies to your browser that contain a unique user identity issued by the server as well as other information relevant to the website’s context.

How Do Django Cookies Work

  • The request is sent to the server by the browser.
  • The server transmits the response to the browser along with one or more cookies.
  • The cookie that the browser receives from the server is saved. From now on, every time a request is made to the server, the browser will send this cookie to the server until the cookie expires.
  • The cookie is removed from the browser when it expires.

Cookies are used in a variety of contexts, for example when you log in to a website or shop online. The cookies that Google AdSense and Google Analytics create can also be used to track you. Different websites use cookies differently depending on their needs.

What is the purpose of cookies in Django

We may have noticed that if we leave an eCommerce or social networking site like Facebook without signing out, the account is still signed in the next time we visit the site. This is done with cookies, which contain user-session information.

Similarly, we can see product recommendations on several eCommerce websites. This is due to the cookies that store the search results in your browser.

Cookies Attributes in Django

A cookie attribute in Django can do one of two things: place (set) a cookie on a user’s computer, or access (get) those cookies.

  1. Set Cookies in Django.
    1. This cookie attribute creates a cookie, which the server sends to the user’s browser to save data. set_cookie() has the following syntax:

      set_cookie(cookie_name, value, max_age = None, expires = None)

      cookie_name: The name of the cookie.

      value: The text or variable you wish to store in the cookie.

      max_age: The lifetime of the cookie in seconds. The cookie expires at the end of this period. It is an optional parameter; if it is not set, the cookie remains active until the browser is closed.

      expires: A string in the format “Wdy, DD-Mon-YY HH:MM:SS GMT” or a datetime.datetime object in UTC. If expires is a datetime object, max_age is calculated from it.

  2. Get Cookies in Django.
    1. The server uses this feature to retrieve previously delivered cookies and read data from them. To obtain the cookie, use the following syntax:

      request.COOKIES['cookie_Name']

Django Cookie Enable and Disable

The Python settings file determines which cookies are enabled and disabled. The settings file contains session variables that can handle session cookies. Cookies are enabled and disabled manually by setting, updating, and deleting cookies. There are additional session-level cookies that can be set to true if necessary.

By default, they are set to False. These session cookies are secure since they are encrypted. We can use session cookies to update a count each time a specific website is visited, using various techniques.

Important notes to keep in mind while using cookies

  1. Cookies should never be used to store sensitive information such as passwords. Because cookies store data in plain text, anyone can access and modify them.
  2. Most browsers won’t let you save more than 4KB of data in a cookie (i.e. 4KB for each cookie). Furthermore, most browsers will only accept up to 30 cookies per website.
  3. Remember that once the cookie is placed in the browser, it will be sent to the server with each request. Let’s imagine we’ve put 20 cookies, each 4KB in size, for a total of 80KB. That means that every time the browser sends a request to the server, it must send an additional 80KB of data!
  4. The cookies can be deleted at any time by the user. Users can even set their browsers to refuse to accept cookies altogether.

Issues with Django Cookies Security

  • Client Information can be misused.
  • Users can be tracked.
  • The client may delete the cookies.

Limitations of Django Cookies

  • Each cookie can hold up to 4096 bytes of data.
  • Both the browser and the server can store cookies.