Content deleted Content added
Etymology Tags: Mobile edit Mobile web edit |
m Reverted edits by 123.2.180.66 (talk) to last version by Xhienne |
||
Line 1:
{{pp-pc1|expiry=10 February 2016|small=yes}}
{{HTTP}}
An '''HTTP cookie''' (also called '''web cookie''', '''Internet cookie''', '''browser cookie''' or simply '''cookie'''), is a small piece of data sent from a website and stored in the user's [[web browser]] while the user is browsing it. Every time the user loads the website, the browser sends the cookie back to the server to notify the user's previous activity.<ref>{{cite web |url = http://tools.ietf.org/html/rfc6265#section-3|work = IETF|title = HTTP State Management Mechanism – Overview|date = April 2011|accessdate = }}</ref> Cookies were designed to be a reliable mechanism for websites to remember [[program state|stateful]] information (such as items added in the shopping cart in an online store) or to record the user's browsing activity (including clicking particular buttons, [[Access control|logging in]], or recording which pages were visited in the past). Cookies can also store passwords and form content a user has previously entered, such as a credit card number or an address.
The '''tracking cookies''', and especially [[#Third-party_cookie|'''third-party tracking cookies''']], are commonly used as ways to compile long-term records of individuals' browsing histories {{En dash}} a potential [[Internet privacy#HTTP cookies|privacy concern]] that prompted European<ref>{{cite web |title=What about the "EU Cookie Directive"? |url=http://webcookies.org/faq/#Directive |year=2013 |publisher=WebCookies.org}}</ref> and U.S. law makers to take action in 2011.<ref name="eulaw">{{cite news |url=http://www.bbc.co.uk/news/technology-12668552 |work=BBC |title=New net rules set to make cookies crumble |date=2011-03-08 }}</ref><ref>{{cite web |url=http://adage.com/article/digital/sen-rockefeller-ready-a-real-track-bill/227426/ |work=Adage.com |title=Sen. Rockefeller: Get Ready for a Real Do-Not-Track Bill for Online Advertising |date=2011-05-06}}</ref>
Other kinds of cookies perform essential functions in the modern web. Perhaps most importantly, '''authentication cookies''' are the most common method used by web servers to know whether the user is logged in or not, and which account they are logged in with. Without such a mechanism, the site would not know whether to send a page containing sensitive information, or require the user to authenticate themselves by logging in. The security of an authentication cookie generally depends on the security of the issuing website and the user's [[Comparison of web browsers#Vulnerabilities|web browser]], and on whether the cookie data is encrypted. Security vulnerabilities may allow a cookie's data to be read by a [[Hacker (computer security)|hacker]], used to gain access to user data, or used to gain access (with the user's credentials) to the website to which the cookie belongs (see [[cross-site scripting]] and [[cross-site request forgery]] for examples).<ref>{{cite web |url=http://news.cnet.com/8301-10789_3-9918582-57.html |first=Robert |last=Vamosi |title=Gmail cookie stolen via Google Spreadsheets |date=2008-04-14}}</ref>
==Background==
| |||