Before we jump into Flash and JScript, let's take a moment to really understand cookies and the function they serve in the world of HTTP and web applications. It is actually not entirely necessary for you to understand cookies before you can use them for data storage with the code I have provided here; however, the section that follows will help provide you with a broader perspective on the technology we will be exploring.
First of all, one of the biggest challenges developers face when designing applications for the web is the fact that HTTP is inherently stateless. In other words, HTTP defines a protocol for clients (usually browsers) to make requests to servers and for servers to respond to those requests. That's essentially it. How can a server know that two consecutive requests were from the same client? Why is that you can enter a username and password once, and not have to re-authenticate every time you make a new request? A server cannot depend on clients' IP addresses being unique because any number of users could be using a single proxy server and therefore all appear to have the same IP address. Netscape's answer (which has since become a widely adopted standard) was cookies.
Let's say one day you get tired of typing in your username password at your favorite news site, and you finally check the checkbox below the password field labeled "Remember my login information." When you click the Submit button and the server finds that checkbox checked, it will send back a cookie header in the HTTP response, which might look something like this:
HTTP/1.1 200 OK Set-Cookie: credentials="cantrell;lucy"; Version="1"; \Path="/"; expires=Wednesday, 01-Jan-03 00:00:00 GMT
The first line of the header specifies the protocol and version (HTTP/1.1) and the response code (200 OK ) indicating to your browser that the request was processed successfully on the server. The next line of the header is telling your browser to set a cookie named credentials to the value of "cantrell;lucy" (cantrell being the user name, lucy being the password).
When your browser parses that portion of the header, it will make an appropriate entry in its cookie database, and from then until midnight on January 1, 2003, it will send the cookie name/value pair in any request to the domain that originally set the cookie. For instance, if the cookie was set by the domain planetearthgazette.com, then any request back to http://www.planetearthgazette.com using the same browser that was used at the time the cookie was set will contain a request header with the cookie information. The server then watches for the cookie in certain requests and, where it finds it, automatically uses the username and password to authenticate the user.