Full Title and Meme

Cookies are chunks of data that are placed in a user agent (typically a browser) that allow a web site to maintain continuing of user experience.

The problem with cookies is the power that it gives the web site, or a widget hosted on the web site to track the user.

Context

History

Starting from the entry on HTTP Cookie in Wikipedia we find that Lou Montulli of Netscape ported cookies from Unix to the Mosaic browser to enable an e-commerce application that was requested by Vint Cert, inter alia in 1994. The point was to save state on the client computer rather in the browser. While this was not the only solution to create session state between the user (as a client) and the web site (as a server), it proved to be the most flexible. David Kristal at Bell Labs started the standardization process in April 1995^[1], the same time Netscape applied for a patent. The IETF issued RFC 2106 in February 1997. By then advertising companies were already using third-party cookies. The recommendation about third-party cookies of RFC 2109 was not followed by Netscape and Internet Explorer. RFC 2109 was superseded by RFC 2965 in October 2000.

RFC 2965 added a Set-Cookie2 header, which informally came to be called "RFC 2965-style cookies" as opposed to the original Set-Cookie header which was called "Netscape-style cookies".^[2]^[3] Set-Cookie2 was seldom used however, and was deprecated in RFC 6265 in April 2011 which was written as a definitive specification for cookies as used in the real world.^[4]

Problems

Tracking

One of the things th

Security

The first of the Laws of Security says that if an attacker can run code on your computer, it is not your computer any longer. Ever since JavaScript became necessary to render most web pages, the page that you see on your browser is running code that is not under your control. If it's not your computer, an attacker can do anything that the code allows it to do, including just hijacking the computer power for its own purposes. In particular it can

Solutions

References

↑ Kristol, David; HTTP Cookies: Standards, privacy, and politics, ACM Transactions on Internet Technology, 1(2), 151–198, 2001 arXiv:cs/0105018v1 [cs.SE])
↑ {{#invoke:citation/CS1|citation |CitationClass=web }}
↑ The edbrowse documentation version 3.5 said "Note that only Netscape-style cookies are supported. However, this is the most common flavor of cookie. It will probably meet your needs." This paragraph was removed in later versions of the documentation further to RFC 2965's deprecation.
↑ {{#invoke:citation/CS1|citation |CitationClass=web }}

[kristol-1] Kristol, David; HTTP Cookies: Standards, privacy, and politics, ACM Transactions on Internet Technology, 1(2), 151–198, 2001 arXiv:cs/0105018v1 [cs.SE])

[2] {{#invoke:citation/CS1|citation |CitationClass=web }}

[3] The edbrowse documentation version 3.5 said "Note that only Netscape-style cookies are supported. However, this is the most common flavor of cookie. It will probably meet your needs." This paragraph was removed in later versions of the documentation further to RFC 2965's deprecation.

[HTTPStateMgmtToPS-4] {{#invoke:citation/CS1|citation |CitationClass=web }}

[1]

[2]

[3]

[4]

Cookies

Contents

Full Title and Meme

Context

History

Problems

Tracking

Security

Solutions

References

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Tools

Sidebar Links