Comment by thaumasiotes

3 days ago

Session cookies are cookies that identify a session. They last however long you specify. A bank forces quick session expiry. Amazon doesn't.

Compare https://docs.djangoproject.com/en/5.2/topics/http/sessions/ .

> To use cookies-based sessions, set the SESSION_ENGINE setting to "django.contrib.sessions.backends.signed_cookies".

> When using the cookies backend the session data can be read by the client.

> A MAC (Message Authentication Code) is used to protect the data against changes by the client, so that the session data will be invalidated when being tampered with. The same invalidation happens if the client storing the cookie (e.g. your user’s browser) can’t store all of the session cookie and drops data.

5 comments

thaumasiotes

Reply
jadamson  3 days ago

No, they're not. This terminology is well-established.

https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Coo...

  • thaumasiotes  3 days ago

    You can believe what you like, but that won't change what people mean by the term "session cookie".

    If you try to communicate with other people using that definition of "session cookie", your communication will fail.

    • lcnPylGDnU4H9OF  3 days ago

      It's just a difference of context. If one is talking about their application and they say "session cookie", they probably mean "cookie that stores session data". If one is talking about different classifications of cookies in a browser, GP's definition of "session cookie" is correct.