When Twilio makes a request to your SMS request URL and your web application server returns a cookie (a "Set-Cookie" HTTP response header), Twilio stores this cookie and associates it with the "From" and "To" numbers for the incoming SMS message.
Twilio will then include the cookie that you set (as a "Cookie" HTTP request header) for subsequent requests to your web server with the same "From" and "To" phone numbers.
Here are some limitations to Twilio cookies:
- The cookie will expire after 4 hours. So if an incoming call or SMS message arrives 4 hours after the cookie was set, then the expired cookie will not be included with the request.
- Only one cookie is stored. If you need to set more than one cookie, consider implementing a session cookie instead, and storing values in the session.
- Cookies cannot be set on outgoing API calls and SMS messages. Twilio only accepts cookies when the outgoing proxy server makes a request to your server. It cannot accept cookies when you make a request to api.twilio.com.
- The cookie is keyed by "From" and "To" phone numbers. This information may not be enough information to distinguish a conversation for your use case.