../courses.php
The Browser's Role
BROWSER
90
Why The Browser Cannot Remember By Itself
Why ten requests from the same visitor can each arrive looking like the very first one.
A user adds three items to a shopping cart across three separate page loads on the same site. Each individual request, examined on its own, looks exactly like a request from someone who has never visited the site before, carrying nothing that connects it to the previous two. And yet the cart correctly holds all three items by the third page load. If each request genuinely looks brand new on its own, what is actually connecting them into one continuous shopping experience?
The underlying system a browser uses to talk to a server carries no built-in memory between one request and the next. Each one is handled completely independently, with nothing automatically tying it to any request that came before it. The only thing connecting these three requests into one continuous experience is whatever was deliberately added to carry that connection along, almost always a cookie, set on the first request and resent automatically on the second and third, which the server then uses to look up and add to the exact same stored cart each time.
Every request a browser sends is handled by the server as a complete, standalone event. Nothing about the underlying system connects one request to the next automatically, regardless of how closely together in time they happen or how clearly, to a person, they belong to the same visit.
This lack of built-in memory, often called statelessness, is not a flaw to be fixed, it is a basic property of how requests and responses work, which every other mechanism covered in this track, cookies most directly, exists specifically to work around.
A cookie set on one request and resent automatically on every later one to that same site is the most common way a browser carries a connecting thread between otherwise independent requests.
A server receiving a request with a cookie still treats that request as its own standalone event. What makes the experience feel continuous is that the server looks up stored information matching that cookie's value and folds it into how it responds, not that the request itself remembers anything.
This entire track, the avatar's request, its method, the response it receives, the page it displays, the links and forms it can follow, and the cookies it carries, together describes everything the browser side of a website actually does. What a server does with everything it receives is the subject of the next track in this curriculum.
Three independent requests, connected only by a resent cookie
POST /cart/add HTTP/1.1
Host: example.com
Cookie: session_id=abc123
item=tshirt
POST /cart/add HTTP/1.1
Host: example.com
Cookie: session_id=abc123
item=mug
GET /cart HTTP/1.1
Host: example.com
Cookie: session_id=abc123
Examined individually, with no knowledge of the others, each of these three requests carries everything it needs to be understood completely on its own, an address, a method, and, in two cases, a body. None of them references either of the other two requests in any way at all.
session_id=abc123 is the one piece of information present, identically, in all three requests. This is not something the underlying system added automatically, it is something the server asked the browser to store and resend, the way covered in the previous lecture.
On receiving each request, the server looks up whatever it has stored under this same session id, and adds whichever new item arrived, building up a cart entry the visitor never directly sees being constructed.
The final GET request carries no body and adds nothing new. It simply asks the server to report back whatever has already been accumulated under this same session, which is why it correctly shows both earlier items despite carrying no information about either of them directly itself.
Deleting the Cookie header from any one of these three requests would not cause an error, it would simply be treated as a request with no known session at all, which is exactly the situation covered in the previous lecture's discussion of a private window or a cleared cookie.
Statelessness is the rule; every appearance of memory is something added on top of it
Nothing about the underlying system connecting a browser and a server remembers anything between requests by default. Every example of a site appearing to remember a visitor, a cart, a login, a language preference, depends entirely on a mechanism, almost always a cookie, deliberately added specifically to work around this lack of built-in memory.
The connecting cookie value means nothing to the browser, only to the server
The browser's only job regarding a session cookie is storing it and resending it exactly as given. Every bit of meaning behind that value, which cart it points to, whether it is still valid, belongs entirely to the server's own stored records, not to anything the browser itself understands.
Removing the one shared detail removes the entire connection between requests
With the Cookie header absent from any of these three requests, that one request has no link to the other two at all, from the server's point of view. It is not partially connected or missing some detail, it is, as far as the server can tell, a request from someone entirely unconnected to the other two.
A server can choose to forget a stored session at any time, independent of anything the browser does
Even with a perfectly valid, correctly resent cookie, a server is free to have deleted or expired its own stored record for that session on its own side, in which case the cookie value still arrives correctly but no longer points to anything the server still has, producing the same practical effect as if memory had been lost entirely.
This whole track has been building toward exactly this one idea
The avatar's fixed set of moves, the request it sends, the response it receives, the page it displays, and the cookie it carries are not separate, unrelated facts. Together, they are the entire explanation for how a system with no built-in memory between requests can still support something as continuous-feeling as a multi-step shopping cart.
A third request missing the connecting cookie
GET /cart HTTP/1.1
Host: example.com
The third request carrying the same cookie as the first two
GET /cart HTTP/1.1
Host: example.com
Cookie: session_id=abc123
When an AI tool describes a multi-step user flow, three things are worth checking. First, does it correctly identify a cookie, or an equivalent deliberately added mechanism, as the only thing connecting otherwise independent requests, rather than assuming some built-in memory exists. Second, does it correctly attribute meaning behind a cookie's value to the server's own stored records, not to the browser. Third, does it account for a server being able to forget a session independently of whether the browser correctly resends a valid-looking cookie.
Remove the Cookie header from the second request in this lecture's example, and explain what the cart would actually contain by the time the third request runs.
Use your browser's developer tools on a real shopping site to confirm a cookie is present and identical across several requests made during one shopping session.
Explain, in your own words, why a server could correctly receive a valid-looking cookie on a request and still respond as though no session exists.
Summarize, in a few sentences, how every previous lecture in this track connects to this lecture's central idea about statelessness.
Predict what would happen to a multi-step process like this one if cookies were disabled in the browser entirely, and explain why.
Assuming any connection between two requests from the same visitor is automatic, rather than something deliberately added through a mechanism such as a cookie.
Believing a cookie's value carries its own meaning, rather than meaning that exists only in whatever the server has stored and looked up using that value.
Assuming a correctly sent, valid-looking cookie guarantees a session still exists on the server's side, when the server is free to have forgotten it independently.
Treating each request in a multi-step process as something the underlying system links together on its own, rather than as genuinely separate, standalone events.
Studying each topic in this track in isolation without connecting them, when together they form one complete explanation of how the browser side of a website actually behaves.
You can now explain statelessness, in concrete terms, as the absence of any built-in memory between one request and the next, and identify cookies as the deliberate mechanism most commonly added to work around it. You can also trace, end to end, how this track's ideas, the avatar's limited moves, requests, responses, rendering, links, forms, and cookies, combine into one full account of what a browser actually does, setting up the next track's focus on what happens on the server's side of that same exchange.
Login - Jit4All
Login
Welcome back to Jit4All