Talk:HTTP cookie

This is the talk page for discussing improvements to the HTTP cookie article. This is not a forum for general discussion of the article's subject.

Put new text under old text. Click here to start a new topic. New to Wikipedia? Welcome! Learn to edit; get help. Assume good faith Be polite and avoid personal attacks Be welcoming to newcomers Seek dispute resolution if needed Article policies Neutral point of view No original research Verifiability

Find sources: Google (books · news · scholar · free images · WP refs) · FENS · JSTOR · TWL

Archives: 1, 2, 3, 4Auto-archiving period: 6 months

This article is rated C-class on Wikipedia's content assessment scale. It is of interest to the following WikiProjects:

Politics Mid‑importance This article is within the scope of WikiProject Politics, a collaborative effort to improve the coverage of politics on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.PoliticsWikipedia:WikiProject PoliticsTemplate:WikiProject Politicspolitics Mid This article has been rated as Mid-importance on the project's importance scale. Philosophy: Ethics / Social and political High‑importance This article is within the scope of WikiProject Philosophy, a collaborative effort to improve the coverage of content related to philosophy on Wikipedia. If you would like to support the project, please visit the project page, where you can get more details on how you can help, and where you can join the general discussion about philosophy content on Wikipedia.PhilosophyWikipedia:WikiProject PhilosophyTemplate:WikiProject PhilosophyPhilosophy High This article has been rated as High-importance on the project's importance scale. Associated task forces: /  Ethics Social and political philosophy Sociology High‑importance This article is within the scope of WikiProject Sociology, a collaborative effort to improve the coverage of sociology on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.SociologyWikipedia:WikiProject SociologyTemplate:WikiProject Sociologysociology High This article has been rated as High-importance on the project's importance scale. Law Mid‑importance This article is within the scope of WikiProject Law, an attempt at providing a comprehensive, standardised, pan-jurisdictional and up-to-date resource for the legal field and the subjects encompassed by it.LawWikipedia:WikiProject LawTemplate:WikiProject Lawlaw Mid This article has been rated as Mid-importance on the project's importance scale. Computing Mid‑importance This article is within the scope of WikiProject Computing, a collaborative effort to improve the coverage of computers, computing, and information technology on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.ComputingWikipedia:WikiProject ComputingTemplate:WikiProject ComputingComputing Mid This article has been rated as Mid-importance on the project's importance scale. Internet High‑importance This article is within the scope of WikiProject Internet, a collaborative effort to improve the coverage of the Internet on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.InternetWikipedia:WikiProject InternetTemplate:WikiProject InternetInternet High This article has been rated as High-importance on the project's importance scale. Computer security: Computing High‑importance This article is within the scope of WikiProject Computer security, a collaborative effort to improve the coverage of computer security on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.Computer securityWikipedia:WikiProject Computer securityTemplate:WikiProject Computer securityComputer security High This article has been rated as High-importance on the project's importance scale. This article is supported by WikiProject Computing (assessed as Mid-importance). Things you can help WikiProject Computer security with: Article alerts will be generated shortly by AAlertBot. Please allow some days for processing. More information... Review importance and quality of existing articles Identify categories related to Computer Security Tag related articles Identify articles for creation (see also: Article requests) Identify articles for improvement Create the Project Navigation Box including lists of adopted articles, requested articles, reviewed articles, etc. Find editors who have shown interest in this subject and ask them to take a look here. Spoken Wikipedia This article is within the scope of WikiProject Spoken Wikipedia, a collaborative effort to improve the coverage of articles that are spoken on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.Spoken WikipediaWikipedia:WikiProject Spoken WikipediaTemplate:WikiProject Spoken WikipediaSpoken Wikipedia Websites: Computing High‑importance This article is part of WikiProject Websites, an attempt to create and link together articles about the major websites on the web. To participate, you can edit the article attached to this page, or visit the project page.WebsitesWikipedia:WikiProject WebsitesTemplate:WikiProject WebsitesWebsites High This article has been rated as High-importance on the importance scale. This article is supported by WikiProject Computing. Etymology The etymology section in this article is within the scope of the Etymology task force, a collaborative effort to improve the coverage of etymology on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.EtymologyWikipedia:WikiProject Linguistics/EtymologyTemplate:Etymology sectionEtymology

	HTTP cookie is a former featured article. Please see the links under Article milestones below for its original nomination page (for older articles, check the nomination archive) and why it was removed.
	This article appeared on Wikipedia's Main Page as Today's featured article on May 8, 2006.
Article milestones Date Process Result January 16, 2006 Peer review Reviewed January 28, 2006 Featured article candidate Promoted April 7, 2009 Featured article review Demoted June 6, 2011 Good article nominee Not listed Current status: Former featured article

This article is based on material taken from the Free On-line Dictionary of Computing prior to 1 November 2008 and incorporated under the "relicensing" terms of the GFDL, version 1.3 or later.

This article is substantially duplicated by a piece in an external publication. Since the external publication copied Wikipedia rather than the reverse, please do not flag this article as a copyright violation of the following source: Surhone, L. M., Timpledon, M. T., & Marseken, S. F. (2010), Online advertising: World Wide Web, interactive advertising, HTTP cookie, Betascript Publishing{{citation}}: CS1 maint: multiple names: authors list (link) Additional comments OCLC 709610692, ISBN 9786132026712.

On 16 October 2023, it was proposed that this article be moved to Cookies. The result of the discussion was not moved.

The contents of the Cookiejacking page were merged into HTTP cookie on February 2019. For the contribution history and old versions of the redirected page, please see its history; for the discussion at that location, see its talk page.

The section "Alternatives to cookies" list various identifiers and cache records stored by the client (and metadata like IP). These things can be used for tracking (one application of cookies), but they don't actually substitute cookies in general. Also, this list is missing a few entries, like:

- favicon cache:

https://arstechnica.com/information-technology/2021/02/new-browser-tracking-hack-works-even-when-you-flush-caches-or-go-incognito/

- HSTS tracking, see

https://nakedsecurity.sophos.com/2015/02/02/anatomy-of-a-browser-dilemma-how-hsts-supercookies-make-you-choose-between-privacy-or-security/

https://webkit.org/blog/8146/protecting-against-hsts-abuse/

- redirect tracking, see

https://digiday.com/marketing/wtf-what-is-redirect-tracking/

Also see: https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Privacy/Redirect_tracking_protection#what_data_is_cleared

It is requested that an edit be made to the semi-protected article at HTTP cookie. (edit · history · last · links · protection log) This template must be followed by a complete and specific description of the request, that is, specify what text should be removed and a verbatim copy of the text that should replace it. "Please change X" is not acceptable and will be rejected; the request must be of the form "please change X to Y". The edit may be made by any autoconfirmed user. Remember to change the |answered=no parameter to "yes" when the request has been accepted, rejected or on hold awaiting user input. This is so that inactive or completed requests don't needlessly fill up the edit requests category. You may also wish to use the {{ESp}} template in the response. To request that a page be protected or unprotected, make a protection request.

In the Browser fingerprint paragraph, it would be nice to specify that "While the collection of fingerprinting data occurs client-side, the analysis and identification of users based on this data are performed server-side." Please, see the resource here: https://www.researchgate.net/publication/365268626_A_Survey_of_Browser_Fingerprint_Research_and_Application

Also, according to Wikipedia's Guidelines, an example could be done. Here is my attempy: "A well-known application of browser fingerprinting is in online banking systems. This technology enables the creation of unique identifiers for customers' devices during the login phase to detect suspicious activities, such as attempts to access accounts from unrecognized or potentially fraudulent devices."

Thanks! Ate Keurentjes (talk) 08:41, 3 April 2025 (UTC)[reply]

Current first paragraph: "HTTP cookie [...] is a small block of data created by a web server while a user is browsing a website [...]"

Problem: "created by a web server" may not always be correct and could potentially be misleading, especially if it's in the first paragraph.

As mentioned later down in the article: "Although cookies are usually set by the web server, they can also be set by the client using a scripting language such as JavaScript".

That is, it may be more correct to say something along the lines of "usually created by a web server or browser-side script" ("usually", since we could in theory consider cases like manually adding a cookie to browser's SQLite database, or curl's cookies.txt file, etc.). UkuSormus (talk) 05:38, 10 April 2025 (UTC)[reply]

Current first paragraph: "HTTP cookie [...] is a small block of data [...] placed on the user's computer or other device by the user's web browser [...]"

The current wording explicitly uses "user's web browser".

Should we consider non-browser clients such as curl to be mentioned in the article? (see, e.g., curl - HTTP cookies)

If so, should we also consider modifying the first paragraph to use something like "by the client, usually the user's web browser", or it could get too abstract for the intro? UkuSormus (talk) 05:40, 10 April 2025 (UTC)[reply]

In the current version of the article, only the document.cookie browser API is mentioned for manipulating cookies. Nowadays, there's also the new CookieStore API (see MDN), supported by Chromium-based browsers and soon in Firefox. UkuSormus (talk) 05:41, 10 April 2025 (UTC)[reply]