When you are served a web page, who builds the DOM document? Is it strictly the server printing HTML? How is the browser involved? I am specifically interested in knowing how is the document.cookie property populated.
A) The server populates document.cookie
B) The browser populates document.cookie
I am interested in this information because I'm studying how cookie stripping at proxy servers such as Varnish and Squid can affect cookies. If document.cookie was built by the server (option A above), then I would assume cookie stripping by proxies would affect the document.cookie property. I am however party inclined to think B is the case since I have a directive in a Varnish server to specifically strip a cookie, but the data of the cookie remains persistent in document.cookie even after stripping it from the request.
This question is especially important for people who have websites behind Varnish, since a request that comes attached with a cookie negates the use of cached data and generates a back-end hit.
The DOM is built and used by the browser based on the server's response. Part of the job of a browser's layout engine is to parse the HTML returned by the server into the DOM. Unfortunately, the different browsers use different layout engines, so the DOM tree sometimes has differences within it.
document.cookie specifically is a attribute of the DOM Level 1 spec. As was said, the correct answer is more or less (B). Cookies are packaged as part of the request that a client sends to the server, and although the server can set cookies in the response, in the end they all reside in the client side.