Difference between revisions of "HTTP cookie"

From Wiki @ Karl Jones dot com
Jump to: navigation, search
(Created page with "An '''HTTP cookie''' (also called '''web cookie''', '''Internet cookie''', '''browser cookie''' or simply '''cookie'''), is a small piece of data (computing) sent from a [...")
(No difference)

Revision as of 08:45, 10 September 2015

An HTTP cookie (also called web cookie, Internet cookie, browser cookie or simply cookie), is a small piece of data (computing) sent from a website and stored in a user's web browser while the user is browsing that website.

(TO DO: expand, organize, cross-reference, illustrate.)

Description

Every time the user loads the website, the browser sends the cookie back to the server to notify the website of the user's previous activity.

Purpose

Cookies were designed to be a reliable mechanism for websites to remember stateful information (such as items in a shopping cart) or to record the user's browsing activity (including clicking particular buttons, logging in, or recording which pages were visited by the user as far back as months or years ago).

Privacy concerns

Although when everything is working correctly, cookies cannot carry viruses, and cannot install malware on the host computer, tracking cookies and especially third-party tracking cookies are commonly used as ways to compile long-term records of individuals' browsing histories -- a potential privacy concern that prompted European and U.S. law makers to take action in 2011.

Credentials

Cookies can also store passwords and form content a user has previously entered, such as a credit card number or an address.

Other kinds of cookies perform essential functions in the modern web.

User session

Perhaps most importantly, authentication cookies are the most common method used by web servers to know whether the user is logged in or not, and which account they are logged in with (see User session).

Without such a mechanism, the site would not know whether to send a page containing sensitive information, or require the user to authenticate themselves by logging in.

The security of an authentication cookie generally depends on the security of the issuing website and the user's web browser, and on whether the cookie data is encrypted.

Security vulnerabilities

Security vulnerabilities may allow a cookie's data to be read by a hacker, used to gain access to user data, or used to gain access (with the user's credentials) to the website to which the cookie belongs (see cross-site scripting and cross-site request forgery for examples).

See also

External links