HTTP cookie

(World-Wide Web)
A system invented by Netscape to allow a web server to send a web browser a packet of information that will be sent back by the browser each time it accesses the same server. Cookies can contain any arbitrary information the server chooses to put in them and are used to maintain state between HTTP transactions, which are otherwise stateless. Typically this is used to authenticate or identify a registered user of a website without requiring them to sign in again every time they access it. Other uses include maintaining a "shopping basket" of goods you have selected to purchase during a session at a site, site personalisation (presenting different pages to different users), and tracking which pages a user has visited on a site, e.g. for marketing purposes.

The browser limits the size of each cookie and the number each server can store. This prevents a malicious site consuming lots of disk space. The only information that cookies can return to the server is what that same server previously sent out. The main privacy concern is that, by default, you do not know when a site has sent or received a cookie so you are not necessarily aware that it has identified you as a returning user, though most reputable sites make this obvious by displaying your user name on the page.

After using a shared login, e.g. in an Internet cafe, you should remove all cookies to prevent the browser identifying the next user as you if they happen to visit the same sites.
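The mechanism described above can be modelled as a small browser-side cookie store. This is an added example, not part of the original entry. It assumes cookies are keyed by the exact host that set them (real browsers also apply domain and path rules), uses the 4KB per-cookie figure quoted on this page, and uses an assumed cap of 20 cookies per host; the host names and cookie values are constructed.

```python
from http.cookies import SimpleCookie

MAX_COOKIE_BYTES = 4096  # 4KB per cookie, the figure quoted on this page
MAX_PER_HOST = 20        # assumed per-server cap for this sketch


class CookieJar:
    """Minimal browser-side store: cookies are keyed by the host that set them."""

    def __init__(self):
        self._store = {}  # host -> {name: value}

    def receive(self, host, set_cookie_headers):
        """Record Set-Cookie header values from a response sent by `host`."""
        jar = self._store.setdefault(host, {})
        for header in set_cookie_headers:
            if len(header.encode()) > MAX_COOKIE_BYTES:
                continue  # oversized cookie is dropped, bounding disk use
            for name, morsel in SimpleCookie(header).items():
                if name not in jar and len(jar) >= MAX_PER_HOST:
                    jar.pop(next(iter(jar)))  # evict the oldest entry
                jar[name] = morsel.value

    def cookie_header(self, host):
        """Build the Cookie request header for `host`, or None if nothing is stored."""
        jar = self._store.get(host)
        if not jar:
            return None
        return "; ".join(f"{n}={v}" for n, v in jar.items())

    def clear(self):
        """Remove all cookies, as advised after using a shared machine."""
        self._store.clear()


def demo():
    jar = CookieJar()
    # Constructed sample responses from two hypothetical hosts.
    jar.receive("shop.example", ["session=abc123; Path=/", "basket=42"])
    jar.receive("news.example", ["visitor=xyz"])
    jar.receive("shop.example", ["big=" + "A" * 5000])  # exceeds the size limit
    first = jar.cookie_header("shop.example")
    other = jar.cookie_header("news.example")
    jar.clear()
    return first, other, jar.cookie_header("shop.example")
```

Each host gets back only the names and values it set itself, and after `clear()` the next request carries no `Cookie` header, so the server can no longer recognise the previous user.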

Cookie Central.
References in periodicals archive
It] defines the HTTP Cookie and Set-Cookie header fields.
For instance, while an HTTP cookie stores just 4KB of data, Flash cookies can store up to 100KB.
6,473,802 entitled, "Method and System for Storing Load Balancing Information with a HTTP Cookie.
F5's patented Cookie Persistence technology uses an HTTP cookie stored on the customer's computer to allow the customer to reconnect to the same server previously visited at a Web site.
6,473,802, entitled "Method and System for Storing Load Balancing Information with an HTTP Cookie," enables key capabilities for any traffic management and load balancing product.
The HTTP Cookies returned by the target server in the Set-Cookie HTTP header are also managed by the Muse Navigation Manager in an automatic manner without the administrator intervention.
The study noted that all three of these technologies were "more persistent" than the more widely recognized HTTP cookies, either by being well-hidden in the user's computer system or by being able to "respawn" after being deleted.
The product includes support for WML Script, HTTP cookies, and optional encryption security using WTLS, as well as support for numerous WAP devices, including phones from Nokia, Ericsson, Siemens, and Motorola.
For example, many Web browsers include tools that allow users to specify their preferences regarding HTTP cookies.
Exploitation of the vulnerability allows an attacker to retrieve security and privacy-sensitive data such as authentication credentials, HTTP cookies and other details of HTTP session state, as well as the contents of any local file.
They are collectively responsible for some of the Internet's best known distributed computing standards including: HTTP Cookies, SSL, HTTP Proxying, Server Push and Global Load Balancing.
Lou Montulli is the inventor of several innovations on the web including HTTP cookies and holds multiple patents.