create example script as resp :
#!/bin/bash
http_code=200
mime=text/html
echo -e "HTTP/1.1 $http_code OK\r"
echo "Content-type: $mime"
echo
echo "Set-Cookie: name=F"
then make executable and execute like this.
./resp | nc -l -p 12346
open browser and browse URL: http://localhost:1236 you will see Cookie value which is sent by Browser
[aaa@bbbbbbbb ]$ ./resp | nc -l -p 12346 GET / HTTP/1.1 Host: xxx.xxx.xxx.xxx:12346 Connection: keep-alive Cache-Control: max-age=0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36 Accept-Encoding: gzip, deflate, sdch Accept-Language: en-US,en;q=0.8,ru;q=0.6 Cookie: name=F
Apart from what it's written in other answers, other details related to path of cookie, maximum age of cookie, whether it's secured or not also passed in Set-Cookie response header. For instance:
Set-Cookie:
name=
value[; expires=
date][; domain=
domain][; path=
path][; secure
]
However, not all of these details are passed back to the server by the client when making next HTTP request.
You can also set HttpOnly
flag at the end of your cookie, to indicate that your cookie is httponly and must not allowed to be accessed, in scripts by javascript code. This helps to prevent attacks such as session-hijacking.
For more information, see RFC 2109. Also have a look at Nicholas C. Zakas's article, HTTP cookies explained.
Cookies are passed as HTTP headers, both in the request (client -> server), and in the response (server -> client).
Source: Stackoverflow.com