Difference between revisions of "Cookies"

From MgmtWiki
(History)
(History)
Line 7: Line 7:
  
 
===History===
 
===History===
Starting from the entry on [https://en.wikipedia.org/wiki/HTTP_cookie HTTP Cookie in Wikipedia] we find that Lou Montulli of Netscape ported cookies from Unix to the Mosaic browser to enable an e-commerce application that was requested by Vint Cert, inter alia in 1994. The point was to save state on the client computer rather in the browser. While this was not the only solution to create session state between the user (as a client) and the web site (as a server), it proved to be the most flexible. David Kristal at Bell Labs started the standardization process in April 1995<ref name="kristol">Kristol, David; ''HTTP Cookies: Standards, privacy, and politics'', ACM Transactions on Internet Technology, 1(2), 151–198, 2001 [https://arxiv.org/abs/cs.SE/0105018 arXiv:cs/0105018v1 [cs.SE&#93;])</ref>, the same time Netscape applied for a patent. The IETF issued RFC 2106 in February 1997.
+
Starting from the entry on [https://en.wikipedia.org/wiki/HTTP_cookie HTTP Cookie in Wikipedia] we find that Lou Montulli of Netscape ported cookies from Unix to the Mosaic browser to enable an e-commerce application that was requested by Vint Cert, inter alia in 1994. The point was to save state on the client computer rather in the browser. While this was not the only solution to create session state between the user (as a client) and the web site (as a server), it proved to be the most flexible. David Kristal at Bell Labs started the standardization process in April 1995<ref name="kristol">Kristol, David; ''HTTP Cookies: Standards, privacy, and politics'', ACM Transactions on Internet Technology, 1(2), 151–198, 2001 [https://arxiv.org/abs/cs.SE/0105018 arXiv:cs/0105018v1 [cs.SE&#93;])</ref>, the same time Netscape applied for a patent. The IETF issued RFC 2106 in February 1997. By then advertising companies were already using third-party cookies. The recommendation about third-party cookies of RFC 2109 was not followed by Netscape and Internet Explorer. RFC 2109 was superseded by RFC 2965 in October 2000.
 
 
At this time, advertising companies were already using third-party cookies. The recommendation about third-party cookies of RFC 2109 was not followed by Netscape and Internet Explorer. RFC 2109 was superseded by RFC 2965 in October 2000.
 
  
 
RFC 2965 added a <code>Set-Cookie2</code> header, which informally came to be called "RFC 2965-style cookies" as opposed to the original <code>Set-Cookie</code> header which was called "Netscape-style cookies".<ref>{{cite web |url=https://staff.washington.edu/fmf/2009/06/19/setting-cookies/ |title=Setting Cookies |date=June 19, 2009 |website=staff.washington.edu}}</ref><ref>The [[edbrowse]] documentation version 3.5 said "Note that only Netscape-style cookies are supported.  However, this is the most common flavor of cookie.  It will probably meet your needs." This paragraph was removed in [http://edbrowse.org/usersguide.html#cook later versions of the documentation] further to RFC 2965's deprecation.</ref> <code>Set-Cookie2</code> was seldom used however, and was deprecated in RFC 6265 in April 2011 which was written as a definitive specification for cookies as used in the real world.<ref name="HTTPStateMgmtToPS">{{cite web|last1=Hodges|first1=Jeff|last2=Corry|first2=Bil|title='HTTP State Management Mechanism' to Proposed Standard|url=http://www.thesecuritypractice.com/the_security_practice/2011/03/http-state-management-mechanism-to-proposed-standard.html|website=The Security Practice|accessdate=17 June 2016|date=6 March 2011}}</ref>
 
RFC 2965 added a <code>Set-Cookie2</code> header, which informally came to be called "RFC 2965-style cookies" as opposed to the original <code>Set-Cookie</code> header which was called "Netscape-style cookies".<ref>{{cite web |url=https://staff.washington.edu/fmf/2009/06/19/setting-cookies/ |title=Setting Cookies |date=June 19, 2009 |website=staff.washington.edu}}</ref><ref>The [[edbrowse]] documentation version 3.5 said "Note that only Netscape-style cookies are supported.  However, this is the most common flavor of cookie.  It will probably meet your needs." This paragraph was removed in [http://edbrowse.org/usersguide.html#cook later versions of the documentation] further to RFC 2965's deprecation.</ref> <code>Set-Cookie2</code> was seldom used however, and was deprecated in RFC 6265 in April 2011 which was written as a definitive specification for cookies as used in the real world.<ref name="HTTPStateMgmtToPS">{{cite web|last1=Hodges|first1=Jeff|last2=Corry|first2=Bil|title='HTTP State Management Mechanism' to Proposed Standard|url=http://www.thesecuritypractice.com/the_security_practice/2011/03/http-state-management-mechanism-to-proposed-standard.html|website=The Security Practice|accessdate=17 June 2016|date=6 March 2011}}</ref>
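
Review bot: the merged History paragraph still says "The IETF issued RFC 2106 in February 1997", while the sentences this revision folds into it refer to RFC 2109, so the RFC number should be made consistent while the paragraph is being touched. The same paragraph carries "Vint Cert", "David Kristal" (the cited reference spells the name "Kristol"), and "rather in the browser", which is missing a word and leaves the intended contrast unclear; the `kristol` ref also ends with a stray ")" after the arXiv link. These would be better fixed in this edit than carried over into the new revision.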

Revision as of 13:26, 29 May 2018

Full Title and Meme

Cookies are chunks of data placed in a user agent (typically a browser) that allow a web site to maintain continuity of user experience.

The problem with cookies is the power they give the web site, or a widget hosted on the web site, to track the user.

Context

History

Starting from the entry on HTTP Cookie in Wikipedia, we find that Lou Montulli of Netscape ported cookies from Unix to the Mosaic browser to enable an e-commerce application that was requested by Vint Cerf, inter alia, in 1994. The point was to save state on the client computer rather than in the browser. While this was not the only solution for creating session state between the user (as a client) and the web site (as a server), it proved to be the most flexible. David Kristol at Bell Labs started the standardization process in April 1995[1], at the same time that Netscape applied for a patent. The IETF issued RFC 2109 in February 1997. By then, advertising companies were already using third-party cookies. The recommendation of RFC 2109 about third-party cookies was not followed by Netscape and Internet Explorer. RFC 2109 was superseded by RFC 2965 in October 2000.

RFC 2965 added a Set-Cookie2 header, which informally came to be called "RFC 2965-style cookies", as opposed to the original Set-Cookie header, which was called "Netscape-style cookies".[2][3] Set-Cookie2 was seldom used, however, and was deprecated in April 2011 by RFC 6265, which was written as a definitive specification for cookies as used in the real world.[4]

Problems

Solutions

References

  1. Kristol, David; HTTP Cookies: Standards, privacy, and politics, ACM Transactions on Internet Technology, 1(2), 151–198, 2001, arXiv:cs/0105018v1 [cs.SE]
  2. "Setting Cookies", staff.washington.edu, June 19, 2009. https://staff.washington.edu/fmf/2009/06/19/setting-cookies/
  3. The edbrowse documentation version 3.5 said "Note that only Netscape-style cookies are supported. However, this is the most common flavor of cookie. It will probably meet your needs." This paragraph was removed in later versions of the documentation further to RFC 2965's deprecation.
  4. Hodges, Jeff; Corry, Bil; "'HTTP State Management Mechanism' to Proposed Standard", The Security Practice, 6 March 2011. http://www.thesecuritypractice.com/the_security_practice/2011/03/http-state-management-mechanism-to-proposed-standard.html (accessed 17 June 2016)