Talk:HTTP cookie

	HTTP cookie is a former featured article. Please see the links under Article milestones below for its original nomination page (for older articles, check the nomination archive) and why it was removed.
	This article appeared on Wikipedia's Main Page as Today's featured article on May 8, 2006.
Article milestones Date Process Result January 16, 2006 Peer review Reviewed January 28, 2006 Featured article candidate Promoted April 7, 2009 Featured article review Demoted June 6, 2011 Good article nominee Not listed Current status: Former featured article

This article has not yet been rated on Wikipedia's content assessment scale. It is of interest to the following WikiProjects:

Please add the quality rating to the {{WikiProject banner shell}} template instead of this project banner. See WP:PIQA for details. Computing C‑class Mid‑importance This article is within the scope of WikiProject Computing, a collaborative effort to improve the coverage of computers, computing, and information technology on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.ComputingWikipedia:WikiProject ComputingTemplate:WikiProject ComputingComputing articles C This article has been rated as C-class on Wikipedia's content assessment scale. Mid This article has been rated as Mid-importance on the project's importance scale. Please add the quality rating to the {{WikiProject banner shell}} template instead of this project banner. See WP:PIQA for details. Internet C‑class High‑importance This article is within the scope of WikiProject Internet, a collaborative effort to improve the coverage of the Internet on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.InternetWikipedia:WikiProject InternetTemplate:WikiProject InternetInternet articles C This article has been rated as C-class on Wikipedia's content assessment scale. High This article has been rated as High-importance on the project's importance scale. Please add the quality rating to the {{WikiProject banner shell}} template instead of this project banner. See WP:PIQA for details. Computer Security: Computing C‑class High‑importance This article is within the scope of WikiProject Computer Security, a collaborative effort to improve the coverage of computer security on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.Computer SecurityWikipedia:WikiProject Computer SecurityTemplate:WikiProject Computer SecurityComputer Security articles C This article has been rated as C-class on Wikipedia's content assessment scale. High This article has been rated as High-importance on the project's importance scale. This article is supported by WikiProject Computing (assessed as Mid-importance). Things you can help WikiProject Computer Security with: Article alerts will be generated shortly by AAlertBot. Please allow some days for processing. More information... Review importance and quality of existing articles Identify categories related to Computer Security Tag related articles Identify articles for creation (see also: Article requests) Identify articles for improvement Create the Project Navigation Box including lists of adopted articles, requested articles, reviewed articles, etc. Find editors who have shown interest in this subject and ask them to take a look here.

Template:V0.5

	Spoken Wikipedia
This article is within the scope of WikiProject Spoken Wikipedia, a collaborative effort to improve the coverage of articles that are spoken on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.Spoken WikipediaWikipedia:WikiProject Spoken WikipediaTemplate:WikiProject Spoken WikipediaSpoken Wikipedia articles

Websites: Computing C‑class High‑importance

This article is part of WikiProject Websites, an attempt to create and link together articles about the major websites on the web. To participate, you can edit the article attached to this page, or visit the project page.WebsitesWikipedia:WikiProject WebsitesTemplate:WikiProject WebsitesWebsites articles C This article has been rated as C-class on Wikipedia's content assessment scale. High This article has been rated as High-importance on the importance scale. This article is supported by WikiProject Computing.

This article is substantially duplicated by a piece in an external publication. Since the external publication copied Wikipedia rather than the reverse, please do not flag this article as a copyright violation of the following source: Surhone, L. M., Timpledon, M. T., & Marseken, S. F. (2010), Online advertising: World Wide Web, interactive advertising, HTTP cookie, Betascript Publishing{{citation}}: CS1 maint: multiple names: authors list (link) Additional comments OCLC 709610692, ISBN 9786132026712.

Archives

Archive 1 Archive 2 Archive 3 Archive 4

What file extension do cookies normally have? 87.112.48.16 (talk) 11:40, 16 January 2014 (UTC)[reply]

They don't have a standard file extension as they are not typically stored individually as files on disk. Rather, each browser has its own proprietary store format for cookies. Alistair1978 (talk) 14:23, 16 January 2014 (UTC)[reply]

The article says: " If not specified, they default to the domain and path of the object that was requested." Other sources say the default value for the path is "/". The sentence is also inconsistent with the example in the paragraph above. Can someone confirm or disconfirm? —Preceding unsigned comment added by Weinzierl (talk • contribs) 02:01, 25 January 2009 (UTC)[reply]

I've clarified this with a source: the RFC is very explicit on this, and the current text was correct. However, this is the default when not sending a path attribute at all - which I have never seen in a cookie in the real world. — ErikRomijn (talk) 10:12, 4 March 2014 (UTC)[reply]

The statement "Web browsers normally delete session cookies when the user closes the browser" -Which is echoed across numerous software manual pages- may no longer be accurate.

Since 2006, some browsers have acquired a mode in which any pages open at browser shutdown are automatically reopenend at the next launch of the browser. In some implementations the session cookie from the previous instance of the page may also be cached and restored. This appears to happen even if a no-cache HTTP header has been sent. With some recent browser versions adopting this automatic page-restore mode as the default, the webmaster can no longer make any assumptions about the lifetime of session cookies.

References: 1 2 3 4

The security implications are quite far-reaching, since any oversight by the user in logging off from a website -or any systems failure which prevents manual logoff- can leave the session open to misuse by an interloper after browser shutdown, or even after a computer reboot. The user does not have to OK the saving of any password for this situation to arise. --Anteaus (talk) 21:51, 3 August 2014 (UTC)[reply]

If there are programs for managing cookies, a section discussing them would be a valuable addition to this article. For example, has anyone created a program which would divide a browser's cookie list into 2 parts: 1) Protected Cookies & 2) Unprotected Cookies? Protected cookies would be cookies that the user designates to be protected, like a short list of sites for which the user wants the cookies to remain. Then the rest could be set to delete every time the browser is closed or by clicking on a menu item in the main browser menu, like "DELETE ALL UNPROTECTED COOKIES." I find it a great waste of time to have to sort through a ton of cookies & delete the undesired cookies, while keeping the few I want. Moreover, in Safari (for example) one gets a menu window with only about 6 cookies showing at a time & the confounded window spontaneously jumps around, so while you are highlighting cookies to delete, suddenly it jumps away from where you were in the list. If anyone has made a program to control such annoyances, the program should be added to this article. (EnochBethany (talk) 15:20, 24 March 2015 (UTC))[reply]

@jirabot BioPseudo (talk) 07:01, 7 April 2017 (UTC)[reply]

The first implementation of HTTP cookies in a browser is attributed to 0.9beta of Mosaic Netscape. Yet none of the provides sources confirm that. An internet search also yields no actual reliable sources. Mostly it's probably reciting of this Wikipedia Article. Can anyone confirm or find a source where it's stated that that specific version had the first HTTP cookie implementation? 81.11.200.192 (talk) 11:24, 21 May 2015 (UTC)[reply]

This edit request has been answered. Set the |answered= or |ans= parameter to no to reactivate your request.

Under the section: SameSite cookie

Change this sentence: A cookie is given this characteristic by adding the SameSite flag to the cookie.

To: A cookie is given this characteristic by adding the SameSite=Lax or SameSite=Strict flag to the cookie.

See: https://tools.ietf.org/html/draft-ietf-httpbis-cookie-same-site-00

SameSite needs a value of "None", "Strict", or "Lax".

2604:6000:1011:C00A:B8AA:1DF4:4835:E151 (talk) 02:22, 28 July 2016 (UTC)[reply]

Done — Andy W. (talk · ctb) 22:23, 28 July 2016 (UTC)[reply]

This edit request has been answered. Set the |answered= or |ans= parameter to no to reactivate your request.

68.50.217.21 (talk) 05:24, 1 September 2016 (UTC)[reply]

 Not done No changes requested. -- Dane2007 ^talk 05:52, 1 September 2016 (UTC)[reply]

This edit request has been answered. Set the |answered= or |ans= parameter to no to reactivate your request.

65.24.223.244 (talk) 00:26, 12 September 2016 (UTC)[reply]

Not done: Blank request — JJMC89 (T·C) 00:43, 12 September 2016 (UTC)[reply]

This edit request has been answered. Set the |answered= or |ans= parameter to no to reactivate your request.

Please add {{Merge from|Secure cookies}} to hatnotes of the article. 80.221.159.67 (talk) 21:11, 22 October 2016 (UTC)[reply]

As for reasons for merging the article itself, there is overlapping areas of information in the articles. Secure cookie page already redirects to a section of this article (HTTP cookie#Secure cookie). I don't see much of things new value to warrant a new article for secure cookies. 80.221.159.67 (talk) 21:13, 22 October 2016 (UTC)[reply]

Done — JJMC89 (T·C) 04:52, 2 November 2016 (UTC)[reply]

The Secure cookies article is an awful mix of misinformation and hearsay. Even the title would want to be changed to the singular. If there hadn't been a merge tag already, I'd have just redirected it here. There is very little worth saving that isn't already in this article. Lithopsian (talk) 16:48, 1 December 2016 (UTC)[reply]

This edit request has been answered. Set the |answered= or |ans= parameter to no to reactivate your request.

In the sentence "As an example, the browser sends its first request to the homepage of the www.example.org website:", change "to the homepage" to "for the homepage".  This is a small grammatical or logic error.  The request is sent to the server, not the homepage.  The GET request is for the homepage.

CurtisLeeBolin (talk) 13:34, 8 November 2016 (UTC)[reply]

Not done: it's not clear what changes you want to be made. Please mention the specific changes in a "change X to Y" format. - Mlpearc (open channel) 13:51, 8 November 2016 (UTC)[reply]

 Done — Andy W. (talk) 20:10, 8 November 2016 (UTC)[reply]