The cookie is a name/value pair in the HTTP header.

The format is: Host+Port=Time(Sequence)Random; HttpOnly; SameSite=Strict

Cookies are used only for the purpose of identifing the session. No cookies are set to work between sessions, so there is no client identification or tracking done.

Where the name is formed by the host name and port. This allows the server to quickly identify the appropriate cookie when multiple cookies are returned which will happen in cases like the same host but different ports. To a degree if provides some of the functionality of the “SameSite=Strict” in that the server only looks at the cookie for the site.

The value is the time the session begins plus the sequence number of the session and a random value. This allows for a simple lookup for the related session. The random value provides uniqueness so that the cookie cannot otherwise be calculated.

“HttpOnly” tells the client not to share the cookie for non-HTTP uses, such as browser scripts.

“SameSite=Strict” requests that the cookie only be sent to the site that issued the cookie.