RFC 6265 — HTTP State Management Mechanism (Cookies) by node

This document defines the Cookie and Set-Cookie header fields, which let a server store a small amount of state on a client and have it returned on later requests — how a stateless protocol carries a session.