How the Web Remembers You
When you visit a website and it remembers who you are, keeps you logged in, or saves items in your shopping cart, it’s not magic. The browser is storing small bits of data that help the site recognize you next time.
Let’s break down the three main ways the web “remembers” things:
- Cookies
- Sessions
- Local Storage
Why Do Websites Need to Remember Things?
The web is built on HTTP, which is stateless. That means each time you visit a website or load a new page, the site doesn’t automatically remember anything about your previous visit.
To make the internet more user-friendly, developers use ways to store information about you temporarily or permanently. This helps with:
- Logging you in
- Saving shopping cart contents
- Remembering site settings (like dark mode)
- Tracking visitors for analytics or ads
1. Cookies – Small Pieces of Data Sent by the Server
A cookie is a small text file that a website asks your browser to store. It usually contains a key-value pair, like:
user_id=12345
Whenever you visit the site again, your browser sends the cookie back so the server can recognize you.
How Cookies Work
- Set by the server (or JavaScript on the site)
- Stored in your browser
- Sent automatically with each request to the same domain
Example Uses
- Keeping you logged in
- Tracking your activity across pages
- Saving preferences (like language or theme)
Cookie Expiration
- Session cookies disappear when you close your browser
- Persistent cookies stay until a set expiration date
Security Note
Some cookies are marked as:
- Secure – only sent over HTTPS
- HttpOnly – not accessible via JavaScript (helps prevent a malicious script on the page from reading the cookie)
- SameSite – restricts when cookies are sent across different sites
2. Sessions – Data Stored on the Server
A session is a way for a website to store information about you on the server instead of in your browser.
How Sessions Work
- When you log in, the server creates a session with your info
- The server sends you a session ID, usually stored in a cookie
- Your browser sends that ID back on every request
- The server uses the ID to find your session and know who you are
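The four steps above, combined with the cookie flags from the Security Note, as an added Node.js example (not code from the original article). The cookie name sid, the 30-minute lifetime and the in-memory Map are assumptions made for illustration.

```javascript
// Added example: in-memory session store; names and lifetimes are assumptions.
const { randomBytes } = require("node:crypto");

const COOKIE_NAME = "sid";        // assumed cookie name
const TTL_MS = 30 * 60 * 1000;    // assumed 30-minute session lifetime
const sessions = new Map();       // session ID -> { data, expiresAt }

// Login: keep the user's data on the server, hand the browser only a random ID.
function createSession(data, now = Date.now()) {
  const id = randomBytes(32).toString("hex"); // 256 bits from a CSPRNG
  sessions.set(id, { data, expiresAt: now + TTL_MS });
  // Secure: HTTPS only. HttpOnly: hidden from JavaScript. SameSite: limits cross-site sends.
  const setCookie = `${COOKIE_NAME}=${id}; Path=/; Max-Age=${TTL_MS / 1000}; ` +
    "Secure; HttpOnly; SameSite=Lax";
  return { id, setCookie };
}

// Split a Cookie request header ("a=1; b=2") into a Map of name -> value.
function parseCookies(header = "") {
  const cookies = new Map();
  for (const part of header.split(";")) {
    const eq = part.indexOf("=");
    if (eq > 0) cookies.set(part.slice(0, eq).trim(), part.slice(eq + 1).trim());
  }
  return cookies;
}

// Every later request: map the ID back to server-side data, or null if unknown/expired.
function lookupSession(cookieHeader, now = Date.now()) {
  const id = parseCookies(cookieHeader).get(COOKIE_NAME);
  if (!id || !/^[0-9a-f]{64}$/.test(id)) return null; // reject malformed IDs
  const entry = sessions.get(id);
  if (!entry) return null;                             // ID the server never issued
  if (entry.expiresAt <= now) {                        // expire on the server side too
    sessions.delete(id);
    return null;
  }
  return entry.data;
}

// Constructed sample exchange (not real traffic).
const login = createSession({ user_id: 12345 });
console.log("Set-Cookie:", login.setCookie);
console.log(lookupSession(`theme=dark; ${COOKIE_NAME}=${login.id}`));
console.log(lookupSession(`${COOKIE_NAME}=${"0".repeat(64)}`));
```

The browser only ever holds the random ID; the user_id lives in the server's Map, so editing the cookie cannot change who the server thinks you are unless the new value is another valid, unexpired ID.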
Example Uses
- User authentication (logged-in status)
- Temporary form data
- Shopping carts on dynamic websites
Sessions vs Cookies
- Cookies store data in the browser
- Sessions store data on the server (only the session ID is in the browser)
3. Local Storage – For Front-End Data Storage
Local storage is a way for websites to save larger amounts of data in your browser, and it doesn’t get sent back to the server automatically.
How It Works
- JavaScript on the website can store key-value pairs
- The data stays even if you close the tab or browser (until you or the site clears it)
localStorage.setItem("theme", "dark");
Example Uses
- Saving theme preferences
- Caching small amounts of data for performance
- Remembering settings on single-page apps
Important Notes
- Local storage is domain-specific
- Can store about 5–10MB of data (much more than cookies)
- Not automatically encrypted—avoid storing sensitive info
Quick Comparison Table
| Feature | Cookies | Sessions | Local Storage |
|---|---|---|---|
| Stored In | Browser | Server | Browser |
| Accessible By | Server & JavaScript | Server only | JavaScript only |
| Expires | Can expire or be persistent | Usually when browser closes | Persistent until deleted |
| Sent With Requests | Yes (automatically) | Only session ID in cookie | No |
| Use Cases | Login, tracking, settings | Auth, temporary state | Settings, caching |
Why This Matters
Knowing how the web remembers you helps explain:
- Why you stay logged in
- How ads track your behavior
- Why clearing cookies logs you out of sites
- How developers build more responsive and personalized websites
If you’re learning about how the internet works, this topic will become important as you progress in your pentesting career.
In Summary
- Cookies store small bits of info in your browser and get sent to the server
- Sessions store data on the server and use a cookie to identify you
- Local storage keeps data in your browser for use by front-end code
These tools let websites behave more like apps—and make your experience smoother and more personalized.
