Talk:HTTP cookie

From Wikipedia, the free encyclopedia
Jump to: navigation, search
Former featured article HTTP cookie is a former featured article. Please see the links under Article milestones below for its original nomination page (for older articles, check the nomination archive) and why it was removed.
Main Page trophy This article appeared on Wikipedia's Main Page as Today's featured article on May 8, 2006.
          This article is of interest to the following WikiProjects:
WikiProject Computing (Rated C-class, Mid-importance)
WikiProject icon This article is within the scope of WikiProject Computing, a collaborative effort to improve the coverage of computers, computing, and information technology on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.
C-Class article C  This article has been rated as C-Class on the project's quality scale.
 Mid  This article has been rated as Mid-importance on the project's importance scale.
 
WikiProject Internet (Rated C-class, High-importance)
WikiProject icon This article is within the scope of WikiProject Internet, a collaborative effort to improve the coverage of the Internet on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.
C-Class article C  This article has been rated as C-Class on the project's quality scale.
 High  This article has been rated as High-importance on the project's importance scale.
 
WikiProject Computer Security / Computing  (Rated C-class, High-importance)
WikiProject icon This article is within the scope of WikiProject Computer Security, a collaborative effort to improve the coverage of computer security on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.
C-Class article C  This article has been rated as C-Class on the project's quality scale.
 High  This article has been rated as High-importance on the project's importance scale.
Taskforce icon
This article is supported by WikiProject Computing (marked as Mid-importance).
 
Version 0.5 (Rated C-class)
WikiProject icon This article has been selected for Version 0.5 and subsequent release versions of Wikipedia.
C-Class article C  This article has been rated as C-Class on the quality scale.
 ???  This article has not yet received a rating on the importance scale.
 
Note icon
This article is within of subsequent release version of Engineering, applied sciences, and technology.
WikiProject Spoken Wikipedia
WikiProject icon This article is within the scope of WikiProject Spoken Wikipedia, a collaborative effort to improve the coverage of articles that are spoken on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.
 
WikiProject Websites / Computing  (Rated C-class, High-importance)
WikiProject icon This article is part of WikiProject Websites, an attempt to create and link together articles about the major websites on the web. To participate, you can edit the article attached to this page, or visit the project page.
C-Class article C  This article has been rated as C-Class on the quality scale.
 High  This article has been rated as High-importance on the importance scale.
Taskforce icon
This article is supported by WikiProject Computing.
 

File extension of cookies[edit]

What file extension do cookies normally have? 87.112.48.16 (talk) 11:40, 16 January 2014 (UTC)

They don't have a standard file extension as they are not typically stored individually as files on disk. Rather, each browser has its own proprietary store format for cookies. Alistair1978 (talk) 14:23, 16 January 2014 (UTC)

Default value for path?[edit]

The article says: " If not specified, they default to the domain and path of the object that was requested." Other sources say the default value for the path is "/". The sentence is also inconsistent with the example in the paragraph above. Can someone confirm or disconfirm? —Preceding unsigned comment added by Weinzierl (talkcontribs) 02:01, 25 January 2009 (UTC)

I've clarified this with a source: the RFC is very explicit on this, and the current text was correct. However, this is the default when not sending a path attribute at all - which I have never seen in a cookie in the real world. — ErikRomijn (talk) 10:12, 4 March 2014 (UTC)

Session cookies surviving reboot[edit]

The statement "Web browsers normally delete session cookies when the user closes the browser" -Which is echoed across numerous software manual pages- may no longer be accurate.

Since 2006, some browsers have acquired a mode in which any pages open at browser shutdown are automatically reopenend at the next launch of the browser. In some implementations the session cookie from the previous instance of the page may also be cached and restored. This appears to happen even if a no-cache HTTP header has been sent. With some recent browser versions adopting this automatic page-restore mode as the default, the webmaster can no longer make any assumptions about the lifetime of session cookies.

References: 1 2 3 4

The security implications are quite far-reaching, since any oversight by the user in logging off from a website -or any systems failure which prevents manual logoff- can leave the session open to misuse by an interloper after browser shutdown, or even after a computer reboot. The user does not have to OK the saving of any password for this situation to arise. --Anteaus (talk) 21:51, 3 August 2014 (UTC)

Software for Managing Cookies[edit]

If there are programs for managing cookies, a section discussing them would be a valuable addition to this article. For example, has anyone created a program which would divide a browser's cookie list into 2 parts: 1) Protected Cookies & 2) Unprotected Cookies? Protected cookies would be cookies that the user designates to be protected, like a short list of sites for which the user wants the cookies to remain. Then the rest could be set to delete every time the browser is closed or by clicking on a menu item in the main browser menu, like "DELETE ALL UNPROTECTED COOKIES." I find it a great waste of time to have to sort through a ton of cookies & delete the undesired cookies, while keeping the few I want. Moreover, in Safari (for example) one gets a menu window with only about 6 cookies showing at a time & the confounded window spontaneously jumps around, so while you are highlighting cookies to delete, suddenly it jumps away from where you were in the list. If anyone has made a program to control such annoyances, the program should be added to this article. (EnochBethany (talk) 15:20, 24 March 2015 (UTC))

First cookie implementation[edit]

The first implementation of HTTP cookies in a browser is attributed to 0.9beta of Mosaic Netscape. Yet none of the provides sources confirm that. An internet search also yields no actual reliable sources. Mostly it's probably reciting of this Wikipedia Article. Can anyone confirm or find a source where it's stated that that specific version had the first HTTP cookie implementation? 81.11.200.192 (talk) 11:24, 21 May 2015 (UTC)

Semi-protected edit request on 28 July 2016[edit]

Under the section: SameSite cookie

Change this sentence: A cookie is given this characteristic by adding the SameSite flag to the cookie.

To: A cookie is given this characteristic by adding the SameSite=Lax or SameSite=Strict flag to the cookie.

See: https://tools.ietf.org/html/draft-ietf-httpbis-cookie-same-site-00

SameSite needs a value of "None", "Strict", or "Lax".


2604:6000:1011:C00A:B8AA:1DF4:4835:E151 (talk) 02:22, 28 July 2016 (UTC)

Done — Andy W. (talk ·ctb) 22:23, 28 July 2016 (UTC)