Observe a bounded cookie lifecycle

Observe cookie creation, request selection, and cleanup as separate browser steps.

  • cookies
  • browsers

Prediction

A stored cookie is sent only when request scope and browser context match its attributes. Cleanup should expire only the fixed scenario cookie.

Controlled observation

Run the three choices in order. Set asks the browser to store one fixed cookie; check reports whether that pair was selected for a matching request; clear sends the same scope with Max-Age=0. The browser request uses credentials: include and the Worker returns one exact origin plus Access-Control-Allow-Credentials: true.

Explanation

Cookie scope does not use the same tuple as origin, and CORS does not force a cookie to be stored or sent. HTTPClarity and its Lab are different origins but same-site HTTPS subdomains. This exercise therefore demonstrates only that reviewed same-site context; it makes no cross-site or third-party-cookie claim.

Reset changes the displayed choice but deliberately does not modify browser storage. Run the clear choice to remove the fixed cookie.

Controlled exercise

Run this observation

Run set, check, and clear in order to separate Set-Cookie receipt, browser selection, Cookie sending, and deletion.

Ready. No request has run.

Controlled request

Method
POST
URL
https://lab.httpclarity.com/v1/cookies/set
Permitted headers
None
Body
None

Browser-observed response

No live response yet. The representative static example remains useful without JavaScript or the Worker.

Static response example

HTTP/1.1 200 OK
Set-Cookie: httpclarity_lab=demo; Max-Age=300; Path=/v1/cookies; Secure; HttpOnly; SameSite=Lax
Access-Control-Allow-Credentials: true

{"action":"set","scenario":"cookies"}

Timing is browser elapsed time. Fetch hides Set-Cookie, raw wire bytes, reliable compressed size, and some redirect details.

Portable examples

cURL
'curl' '--include' '--cookie-jar' '.httpclarity-cookies.txt' '--request' 'POST' 'https://lab.httpclarity.com/v1/cookies/set'
Scroll horizontally to read any long lines.
Fetch API
const response = await fetch("https://lab.httpclarity.com/v1/cookies/set", {
  "method": "POST",
  "credentials": "include"
});
console.log(response.status, await response.text());
Scroll horizontally to read any long lines.
PHP
<?php
$options = ['http' => [
    'method' => 'POST',
    'ignore_errors' => true,
]];
$context = stream_context_create($options);
$body = file_get_contents('https://lab.httpclarity.com/v1/cookies/set', false, $context);
var_dump($http_response_header, $body);
Scroll horizontally to read any long lines.

Need a full API client? Copy the generated cURL command, then import it in Hoppscotch. HTTPClarity sends no request data to Hoppscotch.

Continue in Hoppscotch (opens in a new tab)

Primary sources