| HTTP cookie | |
|---|---|
| Name | HTTP cookie |
| Caption | A diagram showing the exchange of a cookie between a web browser and a web server. |
| Other names | Web cookie, browser cookie, internet cookie |
| First appeared | 1994 |
| Developer | Lou Montulli of Netscape Communications |
| Purpose | State management for the World Wide Web |
An HTTP cookie is a small piece of data sent from a web server and stored on a user's device by their web browser while the user is browsing. It is a core mechanism for enabling stateful sessions on the inherently stateless Hypertext Transfer Protocol, allowing websites to remember information about a user's visit or their activity over time. Cookies are fundamental to modern web functionality, facilitating user authentication, shopping cart persistence, and personalized content delivery across billions of internet sessions daily.
The concept of the HTTP cookie was conceived in 1994 by Lou Montulli, an engineer at Netscape Communications, while developing an application for MCI Communications. Montulli adapted the concept of a "magic cookie", used in Unix systems, to solve the problem of maintaining state for virtual shopping carts on the nascent World Wide Web. The first implementation was used in Netscape Navigator to determine if visitors to the Netscape website had already been there. The formal specification for cookies was later written by David M. Kristol and Montulli and published as Request for Comments 2109 by the Internet Engineering Task Force in 1997. This foundational work was crucial for the commercial development of the web, enabling sites like Amazon.com and eBay to manage user sessions.
A cookie consists of a simple text string containing name-value pairs, along with several optional attributes that control its behavior. The primary components sent in the Set-Cookie HTTP header include the cookie's name, its value, and directives such as Expires or Max-Age to define its lifetime. The Domain and Path attributes specify the scope of URLs to which the web browser should send the cookie. The Secure attribute mandates transmission only over encrypted HTTPS connections, while the HttpOnly attribute instructs the browser to prevent access via client-side scripts like JavaScript, a key security measure. The modern SameSite attribute, supported by browsers like Google Chrome and Mozilla Firefox, controls whether a cookie is sent with cross-site requests.
Cookies serve a wide variety of essential functions on the modern web. Session management cookies allow users to log into websites like Facebook or Gmail and remain authenticated across multiple page requests. Personalization cookies remember user preferences such as language settings on Wikipedia or regional selections on the BBC website. Tracking cookies are used by advertising networks like Google Ads and The Trade Desk to build a profile of a user's browsing habits across different sites to deliver targeted advertisements. They are also critical for analytics services provided by companies like Adobe and Alphabet Inc. to understand website traffic and user behavior.
Cookies are broadly categorized by their lifespan and provenance. A session cookie exists temporarily in memory and is deleted when the user closes their web browser; it is commonly used for shopping cart contents. A persistent cookie remains on the user's device until a specified expiration date set by the Expires attribute. First-party cookies are set by the web server of the domain the user is directly visiting, such as Netflix remembering a user's watchlist. Third-party cookies are set by domains other than the one shown in the browser's address bar, typically by embedded content like ads from DoubleClick or social widgets from Twitter, and are primarily used for cross-site tracking and advertising.
The use of cookies, particularly third-party tracking cookies, has raised significant privacy concerns, as they enable the covert profiling of individuals across the World Wide Web by entities like Cambridge Analytica. Security vulnerabilities include cross-site scripting attacks that can steal cookie data, and cross-site request forgery attacks that exploit the browser's automatic sending of cookies. Session hijacking can occur if a session cookie is intercepted. In response, major browser vendors including Apple Inc. with Safari and Mozilla with Firefox have implemented increasingly strict default blocking policies for third-party cookies. The European Union and the Federal Trade Commission have scrutinized the practices of large technology firms like Meta Platforms regarding cookie-based tracking.
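The attribute, lifespan and attack descriptions above can be tied together in a small audit of Set-Cookie headers. This is an added example, not code from the article or any browser vendor; it parses one header value, classifies the cookie as session or persistent from Expires/Max-Age, and flags the missing Secure, HttpOnly and SameSite protections that the interception, cross-site scripting and cross-site request forgery risks depend on. The sample headers are constructed.

```python
# Added example (not the article's own code): parse a Set-Cookie header and
# audit the attributes described above. All sample headers are constructed.
from dataclasses import dataclass, field

@dataclass
class Cookie:
    name: str
    value: str
    attrs: dict = field(default_factory=dict)  # attribute names lower-cased

    @property
    def persistent(self) -> bool:
        # Expires or Max-Age makes a persistent cookie; without either it is a
        # session cookie that the browser discards when it closes.
        return "expires" in self.attrs or "max-age" in self.attrs

def parse_set_cookie(header: str) -> Cookie:
    """Split one Set-Cookie value into name, value and an attribute map."""
    # Splitting on ';' is safe: an Expires date contains commas but never a
    # semicolon, and flag attributes (Secure, HttpOnly) simply have no value.
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for attr in parts[1:]:
        if attr:
            key, _, val = attr.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return Cookie(name.strip(), value.strip(), attrs)

def audit(cookie: Cookie) -> list:
    """Return findings for a cookie that carries a session identifier."""
    findings = []
    if "secure" not in cookie.attrs:
        findings.append("no Secure: sent over plaintext HTTP, exposed to interception")
    if "httponly" not in cookie.attrs:
        findings.append("no HttpOnly: readable by page scripts, so XSS can steal it")
    samesite = cookie.attrs.get("samesite", "").lower()
    if samesite not in ("lax", "strict"):
        findings.append("SameSite not Lax/Strict: attached to cross-site requests (CSRF)")
    if samesite == "none" and "secure" not in cookie.attrs:
        findings.append("SameSite=None without Secure: modern browsers reject this pair")
    return findings

# Constructed sample headers: a weak session cookie and its hardened form.
WEAK = "sessionid=abc123; Path=/"
HARDENED = "sessionid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax; Max-Age=3600"
```

Running `audit(parse_set_cookie(WEAK))` yields three findings, while the hardened header yields none; the same check can be applied to each Set-Cookie header a server emits.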
Growing public concern over digital privacy has led to comprehensive legal frameworks governing the use of cookies. The General Data Protection Regulation enacted by the European Union requires explicit, informed consent from users before non-essential cookies can be placed, impacting websites worldwide. Similarly, the ePrivacy Directive in the EU mandates clear information and consent for cookie storage. In the United States, the California Consumer Privacy Act grants residents the right to opt out of the sale of their personal information, which includes data collected via cookies. Landmark rulings by the Court of Justice of the European Union have reinforced these requirements, forcing organizations like Google LLC and Microsoft to adjust their consent mechanisms for services across the European Economic Area.