HTTP cookie: Difference between revisions

Browse history interactively

← Previous edit

Content deleted Content added

VisualWikitext

Revision as of 10:25, 31 March 2025 view source Lionel Cristiano (talk \| contribs) Extended confirmed users 4,053 edits →Sources Tags: Mobile edit Mobile web edit Advanced mobile edit ← Previous edit		Latest revision as of 07:46, 26 August 2025 view source Citation bot (talk \| contribs) Bots 5,869,569 edits Removed URL that duplicated identifier. \| Use this bot. Report bugs. \| Suggested by Headbomb \| Linked from Wikipedia:WikiProject_Academic_Journals/Journals_cited_by_Wikipedia/Sandbox \| #UCB_webform_linked 99/990
(4 intermediate revisions by 4 users not shown)
Line 5: {{HTTP}} An '''HTTP cookie''' (also called '''web cookie''', '''Internet cookie''', '''browser cookie''', or simply '''cookie''') is a small block of [[data (computing)\|data]] created by a [[web server]] while a [[user (computing)\|user]] is [[browsing]] a [[website]] and placed on the user's computer or other device by the user's [[web browser]]. Cookies are placed on the device used to access a website, and more than one cookie may be placed on a user's device during a session. Cookies serve useful and sometimes essential functions on the [[World Wide Web\|web]]. They enable web servers to store [[program state\|stateful]] information (such as items added in the shopping cart in an [[Online shopping\|online store]]) on the user's device or to track the user's browsing activity (including clicking particular buttons, [[access control\|logging in]], or recording which [[Web browsing history\|pages were visited in the past]]).<ref>{{Cite web\|title=What are cookies? What are the differences between them (session vs. persistent)?\|url=https://www.cisco.com/c/en/us/support/docs/security/web-security-appliance/117925-technote-csc-00.html\|id=117925\|date=2018-07-17\|website=Cisco\|language=en}}</ref> They can also be used to save information that the user previously entered into [[Form (HTML)\|form field]]s, such as names, addresses, [[password]]s, and [[payment card number]]s for subsequent use. Line 24: Together with John Giannandrea, Montulli wrote the initial Netscape cookie specification the same year. Version 0.9beta of [[Netscape Navigator\|Mosaic Netscape]], released on October 13, 1994,<ref name="JgNeY">{{cite web \|url=http://wp.netscape.com/newsref/pr/newsrelease1.html \|title=Press Release: Netscape Communications Offers New Network Navigator Free On The Internet \|access-date=2010-05-22 \|archive-url = https://web.archive.org/web/20061207145832/http://wp.netscape.com/newsref/pr/newsrelease1.html \|archive-date=2006-12-07}}</ref><ref name="8YpTv">{{cite web \|url=https://groups.google.com/group/comp.infosystems.www.users/msg/9a210e5f72278328 \|title=Usenet Post by Marc Andreessen: Here it is, world! \|date=1994-10-13 \|access-date=2010-05-22 \|archive-url=https://web.archive.org/web/20110427123350/http://groups.google.com/group/comp.infosystems.www.users/msg/9a210e5f72278328 \|archive-date=2011-04-27 \|url-status=live}}</ref> supported cookies.<ref name="kristol" /> The first use of cookies (out of the labs) was checking whether visitors to the Netscape website had already visited the site. Montulli applied for a patent for the cookie technology in 1995, which was granted in 1998.<ref>{{Cite patent\|country=US\|number=5774670\|pubdate=1998-06-30\|title=Persistent client state in a hypertext transfer protocol based client-server system\|assign1=[[Netscape Communications Corp.]]\|inventor1-last=Montulli\|inventor1-first=Lou}}</ref> Support for cookies was integrated with [[Internet Explorer]] in version 2, released in October 1995.<ref name="95BiI">{{cite news \|first=Sandi \|last=Hardmeier \|url=https://www.microsoft.com/windows/IE/community/columns/historyofie.mspx \|title=The history of Internet Explorer \|publisher=Microsoft \|date=2005-08-25 \|access-date=2009-01-04 \|archive-url=https://web.archive.org/web/20051001113951/http://www.microsoft.com/windows/IE/community/columns/historyofie.mspx \|archive-date=2005-10-01 \|url-status=live}}</ref> The introduction of cookies was not widely known to the public at the time. In particular, cookies were accepted by default, and users were not notified of their presence.<ref>{{Cite journal \|last=Miyazaki \|first=Anthony D. \|date=2008 \|title=Online Privacy and the Disclosure of Cookie Use: Effects on Consumer Trust and Anticipated Patronage \|url=http://journals.sagepub.com/doi/10.1509/jppm.27.1.19 \|journal=Journal of Public Policy & Marketing \|language=en \|volume=27 \|issue=1 \|pages=19–33 \|doi=10.1509/jppm.27.1.19 \|issn=0743-9156\|url-access=subscription }}</ref> The public learned about cookies after the ''[[Financial Times]]'' published an article about them on February 12, 1996.<ref name="B3JMd">{{cite news\|last=Jackson\|first=T\|title=This Bug in Your PC is a Smart Cookie\|newspaper=Financial Times\|date=1996-02-12}}</ref> In the same year, cookies received a lot of media attention, especially because of potential privacy implications. Cookies were discussed in two U.S. [[Federal Trade Commission]] hearings in 1996 and 1997.<ref name="UjTred" /> The development of the formal cookie specifications was already ongoing. In particular, the first discussions about a formal specification started in April 1995 on the www-talk [[electronic mailing list\|mailing list]]. A special working group within the [[Internet Engineering Task Force]] (IETF) was formed. Two alternative proposals for introducing state in HTTP transactions had been proposed by [[Brian Behlendorf]] and David Kristol respectively. But the group, headed by Kristol himself and Lou Montulli, soon decided to use the Netscape specification as a starting point. In February 1996, the working group identified third-party cookies as a considerable privacy threat. The specification produced by the group was eventually published as RFC 2109 in February 1997. It specifies that third-party cookies were either not allowed at all, or at least not enabled by default.<ref name="RFC2109">{{Cite ietf\|rfc=2109 \|section=8.3 }}</ref> At this time, advertising companies were already using third-party cookies. The recommendation about third-party cookies of RFC 2109 was not followed by Netscape and Internet Explorer. RFC 2109 was superseded by RFC 2965 in October 2000. Line 40: A ''persistent cookie'' expires at a specific date or after a specific length of time. For the persistent cookie's lifespan set by its creator, its information will be transmitted to the server every time the user visits the website that it belongs to, or every time the user views a resource belonging to that website from another website (such as an advertisement). For this reason, persistent cookies are sometimes referred to as ''tracking cookies''<ref>{{Cite journal \|last1=Bujlow \|first1=Tomasz \|last2=Carela-Espanol \|first2=Valentin \|last3=Lee \|first3=Beom-Ryeol \|last4=Barlet-Ros \|first4=Pere \|date=2017 \|title=A Survey on Web Tracking: Mechanisms, Implications, and Defenses ~~\|url=https://ieeexplore.ieee.org/document/7872467~~ \|journal=Proceedings of the IEEE \|volume=105 \|issue=8 \|pages=1476–1510 \|doi=10.1109/JPROC.2016.2637878 \|issn=0018-9219\|hdl=2117/108437 \|hdl-access=free }}</ref><ref>{{Citation \|last1=Rasaii \|first1=Ali \|title=Exploring the Cookieverse: A Multi-Perspective Analysis of Web Cookies \|date=2023 \|work=Passive and Active Measurement \|volume=13882 \|pages=623–651 \|editor-last=Brunstrom \|editor-first=Anna \|url=https://link.springer.com/10.1007/978-3-031-28486-1_26 \|access-date=2024-08-24 \|place=Cham \|publisher=Springer Nature Switzerland \|language=en \|doi=10.1007/978-3-031-28486-1_26 \|isbn=978-3-031-28485-4 \|last2=Singh \|first2=Shivani \|last3=Gosain \|first3=Devashish \|last4=Gasser \|first4=Oliver \|editor2-last=Flores \|editor2-first=Marcel \|editor3-last=Fiore \|editor3-first=Marco\|url-access=subscription }}</ref> because they can be used by advertisers to record information about a user's web browsing habits over an extended period of time. Persistent cookies are also used for reasons such as keeping users logged into their accounts on websites, to avoid re-entering login credentials at every visit. {{Crossreference\|selfref=no\|(See {{section link\|\|Uses}}, below.)}} ===Secure cookie=== Line 73: ==Structure== A cookie consists of the following components:<ref name="Peng, Weihong 2000">{{cite journal\|title=HTTP Cookies, A Promising Technology\|journal=ProQuest\|publisher=Online Information Review\|last1=Peng\|first1=Weihong\|last2=Cisna\|first2=Jennifer\|year=2000\|id={{ProQuest\|194487945}}}}</ref><ref name="Stenberg, Daniel 2009">Jim Manico quoting Daniel Stenberg, [http://manicode.blogspot.it/2009/08/real-world-cookie-length-limits.html Real world cookie length limits] {{Webarchive\|url=https://web.archive.org/web/20130702114435/http://manicode.blogspot.it/2009/08/real-world-cookie-length-limits.html \|date=2013-07-02}}</ref><ref>{{Cite journal \|last1=Lee \|first1=Wei-Bin \|last2=Chen \|first2=Hsing-Bai \|last3=Chang \|first3=Shun-Shyan \|last4=Chen \|first4=Tzung-Her \|date=2019-01-25 \|title=Secure and efficient protection for HTTP cookies with self-verification \|url=https://onlinelibrary.wiley.com/doi/10.1002/dac.3857 \|journal=International Journal of Communication Systems \|language=en \|volume=32 \|issue=2 \|pages=e3857 \|doi=10.1002/dac.3857\|s2cid=59524143 \|url-access=subscription }}</ref> # Name Line 218: Website operators who do not disclose third-party cookie use to consumers run the risk of harming consumer trust if cookie use is discovered. Having clear disclosure (such as in a [[privacy policy]]) tends to eliminate any negative effects of such cookie discovery.<ref name="dCj3R">Miyazaki, Anthony D. (2008), "Online Privacy and the Disclosure of Cookie Use: Effects on Consumer Trust and Anticipated Patronage," Journal of Public Policy & Marketing, 23 (Spring), 19–33</ref>{{Failed verification\|date=October 2022\|reason=The article says the opposite: that apriori disclosure of cookies reduces trust, and that nobody reads privacy policies anyway.}} The [[United States]] government ~~has~~ set strict rules on setting cookies in 2000 after it was disclosed that the White House [[Office of National Drug Control Policy\|drug policy office]] used cookies to track computer users viewing its online anti-drug advertising. In 2002, privacy activist Daniel Brandt found that the [[Central Intelligence Agency\|CIA]] had been leaving persistent cookies on computers that had visited its website. When notified it was violating policy, CIA stated that these cookies were not intentionally set and stopped setting them. On December 25, 2005, Brandt discovered that the [[National Security Agency]] (NSA) had been leaving two persistent cookies on visitors' computers due to a software upgrade. After being informed, the NSA immediately disabled the cookies.<ref name="BnfI7">{{cite news \|url=https://www.nytimes.com/2005/12/29/national/29cookies.html \|newspaper=New York Times \|title=Spy Agency Removes Illegal Tracking Files \|date=2005-12-29 \|access-date=2017-02-19 \|archive-url=https://web.archive.org/web/20111112115242/http://www.nytimes.com/2005/12/29/national/29cookies.html \|archive-date=2011-11-12 \|url-status=live}}</ref> ===EU cookie directive=== Line 407: [[Category:Hypertext Transfer Protocol headers\|Cookie]] [[Category:Internet privacy]] ~~[[Category:Wikipedia articles with ASCII art]]~~ [[Category:Hacking (computer security)]] [[Category:Tracking]]