Content deleted Content added
Sohom Datta (talk | contribs) |
Citation bot (talk | contribs) Removed URL that duplicated identifier. | Use this bot. Report bugs. | Suggested by Headbomb | Linked from Wikipedia:WikiProject_Academic_Journals/Journals_cited_by_Wikipedia/Sandbox | #UCB_webform_linked 99/990 |
||
| (7 intermediate revisions by 7 users not shown) | |||
Line 5:
{{HTTP}}
An '''HTTP
Cookies serve useful and sometimes essential functions on the [[World Wide Web|web]]. They enable web servers to store [[program state|stateful]] information (such as items added in the shopping cart in an [[Online shopping|online store]]) on the user's device or to track the user's browsing activity (including clicking particular buttons, [[access control|logging in]], or recording which [[Web browsing history|pages were visited in the past]]).<ref>{{Cite web|title=What are cookies? What are the differences between them (session vs. persistent)?|url=https://www.cisco.com/c/en/us/support/docs/security/web-security-appliance/117925-technote-csc-00.html|id=117925|date=2018-07-17|website=Cisco|language=en}}</ref> They can also be used to save information that the user previously entered into [[Form (HTML)|form field]]s, such as names, addresses, [[password]]s, and [[payment card number]]s for subsequent use.
Line 24:
Together with John Giannandrea, Montulli wrote the initial Netscape cookie specification the same year. Version 0.9beta of [[Netscape Navigator|Mosaic Netscape]], released on October 13, 1994,<ref name="JgNeY">{{cite web |url=http://wp.netscape.com/newsref/pr/newsrelease1.html |title=Press Release: Netscape Communications Offers New Network Navigator Free On The Internet |access-date=2010-05-22 |archive-url = https://web.archive.org/web/20061207145832/http://wp.netscape.com/newsref/pr/newsrelease1.html |archive-date=2006-12-07}}</ref><ref name="8YpTv">{{cite web |url=https://groups.google.com/group/comp.infosystems.www.users/msg/9a210e5f72278328 |title=Usenet Post by Marc Andreessen: Here it is, world! |date=1994-10-13 |access-date=2010-05-22 |archive-url=https://web.archive.org/web/20110427123350/http://groups.google.com/group/comp.infosystems.www.users/msg/9a210e5f72278328 |archive-date=2011-04-27 |url-status=live}}</ref> supported cookies.<ref name="kristol" /> The first use of cookies (out of the labs) was checking whether visitors to the Netscape website had already visited the site. Montulli applied for a patent for the cookie technology in 1995, which was granted in 1998.<ref>{{Cite patent|country=US|number=5774670|pubdate=1998-06-30|title=Persistent client state in a hypertext transfer protocol based client-server system|assign1=[[Netscape Communications Corp.]]|inventor1-last=Montulli|inventor1-first=Lou}}</ref> Support for cookies was integrated with [[Internet Explorer]] in version 2, released in October 1995.<ref name="95BiI">{{cite news |first=Sandi |last=Hardmeier |url=https://www.microsoft.com/windows/IE/community/columns/historyofie.mspx |title=The history of Internet Explorer |publisher=Microsoft |date=2005-08-25 |access-date=2009-01-04 |archive-url=https://web.archive.org/web/20051001113951/http://www.microsoft.com/windows/IE/community/columns/historyofie.mspx |archive-date=2005-10-01 |url-status=live}}</ref>
The introduction of cookies was not widely known to the public at the time. In particular, cookies were accepted by default, and users were not notified of their presence.<ref>{{Cite journal |last=Miyazaki |first=Anthony D. |date=2008 |title=Online Privacy and the Disclosure of Cookie Use: Effects on Consumer Trust and Anticipated Patronage |url=http://journals.sagepub.com/doi/10.1509/jppm.27.1.19 |journal=Journal of Public Policy & Marketing |language=en |volume=27 |issue=1 |pages=19–33 |doi=10.1509/jppm.27.1.19 |issn=0743-9156|url-access=subscription }}</ref> The public learned about cookies after the ''[[Financial Times]]'' published an article about them on February 12, 1996.<ref name="B3JMd">{{cite news|last=Jackson|first=T|title=This Bug in Your PC is a Smart Cookie|newspaper=Financial Times|date=1996-02-12}}</ref> In the same year, cookies received a lot of media attention, especially because of potential privacy implications. Cookies were discussed in two U.S. [[Federal Trade Commission]] hearings in 1996 and 1997.<ref name="UjTred" />
The development of the formal cookie specifications was already ongoing. In particular, the first discussions about a formal specification started in April 1995 on the www-talk [[electronic mailing list|mailing list]]. A special working group within the [[Internet Engineering Task Force]] (IETF) was formed. Two alternative proposals for introducing state in HTTP transactions had been proposed by [[Brian Behlendorf]] and David Kristol respectively. But the group, headed by Kristol himself and Lou Montulli, soon decided to use the Netscape specification as a starting point. In February 1996, the working group identified third-party cookies as a considerable privacy threat. The specification produced by the group was eventually published as RFC 2109 in February 1997. It specifies that third-party cookies were either not allowed at all, or at least not enabled by default.<ref name="RFC2109">{{Cite ietf|rfc=2109 |section=8.3 }}</ref> At this time, advertising companies were already using third-party cookies. The recommendation about third-party cookies of RFC 2109 was not followed by Netscape and Internet Explorer. RFC 2109 was superseded by RFC 2965 in October 2000.
Line 40:
A ''persistent cookie'' expires at a specific date or after a specific length of time. For the persistent cookie's lifespan set by its creator, its information will be transmitted to the server every time the user visits the website that it belongs to, or every time the user views a resource belonging to that website from another website (such as an advertisement).
For this reason, persistent cookies are sometimes referred to as ''tracking cookies''<ref>{{Cite journal |last1=Bujlow |first1=Tomasz |last2=Carela-Espanol |first2=Valentin |last3=Lee |first3=Beom-Ryeol |last4=Barlet-Ros |first4=Pere |date=2017 |title=A Survey on Web Tracking: Mechanisms, Implications, and Defenses
===Secure cookie===
Line 58:
A ''supercookie'' is a cookie with an origin of a [[top-level ___domain]] (such as <code>.com</code>) or a public suffix (such as <code>.co.uk</code>). Ordinary cookies, by contrast, have an origin of a specific ___domain name, such as <code>example.com</code>.
Supercookies can be a potential security concern and are therefore often blocked by web browsers. If unblocked by the browser, an attacker in control of a malicious website could set a supercookie and potentially disrupt or impersonate legitimate user requests to another website that shares the same top-level ___domain or public suffix as the malicious website. For example, a supercookie with an origin of <code>.com</code>
The [[Public Suffix List]]<ref name="oN0iG">{{cite web|url=https://publicsuffix.org/learn/|title=Learn more about the Public Suffix List|website=Publicsuffix.org|access-date=28 July 2016|archive-url=https://web.archive.org/web/20160514000450/https://publicsuffix.org/learn/|archive-date=14 May 2016|url-status=live}}</ref> helps to mitigate the risk that supercookies pose. The Public Suffix List is a cross-vendor initiative that aims to provide an accurate and up-to-date list of ___domain name suffixes. Older versions of browsers may not have an up-to-date list, and will therefore be vulnerable to supercookies from certain domains.
Line 73:
==Structure==
A cookie consists of the following components:<ref name="Peng, Weihong 2000">{{cite journal|title=HTTP Cookies, A Promising Technology|journal=ProQuest|publisher=Online Information Review|last1=Peng|first1=Weihong|last2=Cisna|first2=Jennifer|year=2000|id={{ProQuest|194487945}}}}</ref><ref name="Stenberg, Daniel 2009">Jim Manico quoting Daniel Stenberg, [http://manicode.blogspot.it/2009/08/real-world-cookie-length-limits.html Real world cookie length limits] {{Webarchive|url=https://web.archive.org/web/20130702114435/http://manicode.blogspot.it/2009/08/real-world-cookie-length-limits.html |date=2013-07-02}}</ref><ref>{{Cite journal |last1=Lee |first1=Wei-Bin |last2=Chen |first2=Hsing-Bai |last3=Chang |first3=Shun-Shyan |last4=Chen |first4=Tzung-Her |date=2019-01-25 |title=Secure and efficient protection for HTTP cookies with self-verification |url=https://onlinelibrary.wiley.com/doi/10.1002/dac.3857 |journal=International Journal of Communication Systems |language=en |volume=32 |issue=2 |pages=e3857 |doi=10.1002/dac.3857|s2cid=59524143 |url-access=subscription }}</ref>
# Name
Line 218:
Website operators who do not disclose third-party cookie use to consumers run the risk of harming consumer trust if cookie use is discovered. Having clear disclosure (such as in a [[privacy policy]]) tends to eliminate any negative effects of such cookie discovery.<ref name="dCj3R">Miyazaki, Anthony D. (2008), "Online Privacy and the Disclosure of Cookie Use: Effects on Consumer Trust and Anticipated Patronage," Journal of Public Policy & Marketing, 23 (Spring), 19–33</ref>{{Failed verification|date=October 2022|reason=The article says the opposite: that apriori disclosure of cookies reduces trust, and that nobody reads privacy policies anyway.}}
The [[United States]] government
===EU cookie directive===
Line 384:
<!-- Dead note "rfc2": RFC 2109 and RFC 2965, HTTP State Management Mechanism ([[Internet Engineering Task Force|IETF]]) -->
===Sources===
* Anonymous, 2011. Cookiejacking Attack Steals Website Access Credentials. Informationweek - Online, pp. Informationweek - Online, May 26, 2011.
Line 407:
[[Category:Hypertext Transfer Protocol headers|Cookie]]
[[Category:Internet privacy]]
[[Category:Hacking (computer security)]]
[[Category:Tracking]]
| |||