Cookies
Contents
Full Title and Meme
Cookies are chunks of data that are placed in a user agent (typically a browser) that allow a web site to maintain continuing of user experience.
The problem with cookies is the power that it gives the web site, or a widget hosted on the web site to track the user.
Context
History
Starting from the entry on HTTP Cookie in Wikipedia we find that Lou Montulli of Netscape ported cookies from Unix to the Mosaic browser to enable an e-commerce application that was requested by Vint Cert, inter alia in 1994. The point was to save state on the client computer rather in the browser. While this was not the only solution to create session state between the user (as a client) and the web site (as a server), it proved to be the most flexible. David Kristal at Bell Labs started the standardization process in April 1995[1], the same time Netscape applied for a patent. The IETF issued RFC 2106 in February 1997. By then advertising companies were already using third-party cookies. The recommendation about third-party cookies of RFC 2109 was not followed by Netscape and Internet Explorer. RFC 2109 was superseded by RFC 2965 in October 2000.
RFC 2965 added a Set-Cookie2
header, which informally came to be called "RFC 2965-style cookies" as opposed to the original Set-Cookie
header which was called "Netscape-style cookies".[2][3] Set-Cookie2
was seldom used however, and was deprecated in RFC 6265 in April 2011 which was written as a definitive specification for cookies as used in the real world.[4]
Problems
Security
One of
If it's not your computer, an attacker can do anything that the code allows it to do, including just hijacking the computer power for its own purposes.
Solutions
References
- ↑ Kristol, David; HTTP Cookies: Standards, privacy, and politics, ACM Transactions on Internet Technology, 1(2), 151–198, 2001 arXiv:cs/0105018v1 [cs.SE])
- ↑ {{#invoke:citation/CS1|citation |CitationClass=web }}
- ↑ The edbrowse documentation version 3.5 said "Note that only Netscape-style cookies are supported. However, this is the most common flavor of cookie. It will probably meet your needs." This paragraph was removed in later versions of the documentation further to RFC 2965's deprecation.
- ↑ {{#invoke:citation/CS1|citation |CitationClass=web }}