HTTP Cookie

From GM-RKB

An HTTP Cookie is a small text data item that a web server sends to be stored by a user's web browser.

  • Context:
    • It can range from being:
      • a First-Party Cookie, which is set by the domain the user is visiting directly, often used to remember user settings and preferences.
      • a Third-Party Cookie, which is set by a domain other than the one the user is visiting, commonly used for advertising and tracking purposes.
    • It can range from being:
      • a Functional Cookie, which is necessary for basic website functionality and is typically set in response to actions made by the user, such as a request for services (e.g., logging in or filling in forms).
      • a Performance Cookie, which collects information about how visitors use a website, like which pages are visited most often. It doesn't collect information that identifies a visitor and is only used to improve how a website works.
      • a Targeting Cookie, which is used to track visitors across websites with the intention to display ads that are relevant and engaging for the individual user.
  • Example(s):
    • A Session Cookie named `UserSessionID`, used to maintain users' states across page requests.
    • A Functional Cookie named `SitePreferences`, saving user settings like language (e.g., `LanguagePref`) or location (e.g., `RegionSelect`) for future visits.
    • An Authentication Cookie named `Auth_Token_2023`, maintaining the state of a user's login for a session.
    • A Tracking Cookie named `AdTrack_ViewerID`, used by advertisers to track browsing history and deliver targeted advertisements.
    • A Performance Cookie named `SiteAnalytics_VisitData`, similar to Google Analytics cookies, which gather data on how visitors use a website.
  • Counter-Example(s):
  • See: Cross-site Scripting, HTTP Header, Website Tracking, Informed Consent, Web Browser, Program State, Web Browsing History.


References

2023

  • Web Chatbot
    • HTTP cookies, also known as web or browser cookies, are small packets of data sent from a server to a user's web browser, and are used to maintain user-specific information. They may hold different types of information, which could include login details, user preferences, or items in a shopping cart.

      Cookies are comprised of a name and a value, with additional name-value pairs defining attributes such as expiration or security settings. Servers can command browsers to store data using the Set-Cookie response header field. Cookies can also track browsing history, store state-related information, or authenticate users.

      The lifetime of cookies can be outlined by the server, and may persist over time. Cookies can either be session or permanent cookies, with the former being deleted at the end of an HTTP session, and the latter featuring an explicit expiration date. Cookies can be removed from the system via browser functionalities.

      Domain association is a key feature of cookies, allowing differentiation between first-party and third-party cookies. The SameSite attribute in the CORS protocol permits cookies to protect against cross-site request forgery (CSRF) attacks. HTTP cookies can include specific prefixes and attributes to showcase their origin. The Secure and HttpOnly attributes can limit access to cookies.

      Certain legal regulations, like GDPR and CCPA, govern the use of cookies. There are also experimental cookies, like the 'SameSite' cookie, and special types of persistent cookies known as 'Zombie' or 'Evercookies'. Cookies get passed through HTTP headers in requests and responses, being set using the 'Set-Cookie' field in the server's response header. Some cookies can be set to be accessible only by HTTP and not by JavaScript, adding a layer of security.

2023

  • (Wikipedia, 2023) ⇒ https://en.wikipedia.org/wiki/HTTP_cookie Retrieved:2023-10-30.
    • HTTP cookies (also called web cookies, Internet cookies, browser cookies, or simply cookies) are small blocks of data created by a web server while a user is browsing a website and placed on the user's computer or other device by the user's web browser. Cookies are placed on the device used to access a website, and more than one cookie may be placed on a user's device during a session.

      Cookies serve useful and sometimes essential functions on the web. They enable web servers to store stateful information (such as items added in the shopping cart in an online store) on the user's device or to track the user's browsing activity (including clicking particular buttons, logging in, or recording which pages were visited in the past). They can also be used to save for subsequent use information that the user previously entered into form fields, such as names, addresses, passwords, and payment card numbers. Authentication cookies are commonly used by web servers to authenticate that a user is logged in, and with which account they are logged in. Without the cookie, users would need to authenticate themselves by logging in on each page containing sensitive information that they wish to access. The security of an authentication cookie generally depends on the security of the issuing website and the user's web browser, and on whether the cookie data is encrypted. Security vulnerabilities may allow a cookie's data to be read by an attacker, used to gain access to user data, or used to gain access (with the user's credentials) to the website to which the cookie belongs (see cross-site scripting and cross-site request forgery for examples). Tracking cookies, and especially third-party tracking cookies, are commonly used as ways to compile long-term records of individuals' browsing histories, a potential privacy concern that prompted European and U.S. lawmakers to take action in 2011. European law requires that all websites targeting European Union member states gain "informed consent" from users before storing non-essential cookies on their device.
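
An added example, not part of the GM-RKB page or the sources it quotes: a small Python audit of `Set-Cookie` header values for the Secure, HttpOnly and SameSite attributes, the `__Secure-`/`__Host-` name prefixes, and session versus persistent lifetime, as described in the two references above. The header values are constructed samples that reuse the page's example cookie names; the function names are this example's own.

```python
def parse_set_cookie(value):
    """Split one Set-Cookie header value into (name, value, attrs)."""
    parts = [p.strip() for p in value.split(";")]
    name, _, cookie_value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()  # attribute names are case-insensitive
    return name.strip(), cookie_value.strip(), attrs


def audit_set_cookie(value):
    """Return a list of findings for one Set-Cookie header value."""
    name, _, attrs = parse_set_cookie(value)
    secure = "secure" in attrs
    samesite = attrs.get("samesite", "").lower()
    findings = []
    if not secure:
        findings.append("missing Secure: cookie may be sent over plain HTTP")
    if "httponly" not in attrs:
        findings.append("missing HttpOnly: readable from JavaScript")
    if samesite not in ("strict", "lax", "none"):
        findings.append("missing SameSite: cross-site behaviour left to browser default")
    elif samesite == "none" and not secure:
        findings.append("SameSite=None without Secure: rejected by modern browsers")
    if name.startswith("__Secure-") and not secure:
        findings.append("__Secure- prefix requires Secure")
    if name.startswith("__Host-"):
        if not secure or attrs.get("path") != "/" or "domain" in attrs:
            findings.append("__Host- prefix requires Secure, Path=/ and no Domain")
    return findings


def lifetime(value):
    """Classify a cookie as 'session' or 'persistent' from Expires/Max-Age."""
    _, _, attrs = parse_set_cookie(value)
    return "persistent" if ("expires" in attrs or "max-age" in attrs) else "session"


# Constructed sample headers (values are placeholders, not real tokens).
WEAK = "Auth_Token_2023=abc123; Path=/"
HARDENED = "__Host-Auth_Token_2023=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"
PREFS = "SitePreferences=LanguagePref%3Den; Max-Age=31536000; Path=/; Secure; SameSite=Lax"

if __name__ == "__main__":
    for header in (WEAK, HARDENED, PREFS):
        print(lifetime(header), header, audit_set_cookie(header), sep="\n  ")
```

A missing HttpOnly on a preference cookie such as `SitePreferences` can be intentional when client-side script needs to read it; for authentication and session cookies it is a finding to fix.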