This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

!!! Overview[1]
An [HTTP] [{$pagename}] (also called web cookie, Internet cookie, browser cookie or simply cookie) is a small piece of data sent from a website and stored in the user's web browser while the user is browsing.
[{$pagename}] were designed to be a reliable mechanism for websites to remember [stateful] information (such as items added in the shopping cart in an online store) or to record the user's browsing activity (including clicking particular buttons, logging in, or recording which pages were visited in the past). They can also be used to remember arbitrary pieces of information that the user previously entered into form fields such as names, addresses, passwords, and credit card numbers.
Other kinds of [{$pagename}] perform essential functions in the modern web. Perhaps most importantly, the [Authentication cookie] is the most common method used by web servers to know whether the user is logged in or not, and which account they are logged in with.
Without such an [Authentication Method], the site would not know whether to send a page containing sensitive information, or require the user to authenticate themselves by logging in.
The security of an [Authentication cookie] generally depends on the security of the issuing website and the user's web browser, and on whether the cookie data is [encrypted|Encryption]. Security vulnerabilities may allow a [{$pagename}]'s data to be read by a hacker, used to gain access to user data, or used to gain access (with the user's [credentials]) to the website to which the [{$pagename}] belongs (see cross-site scripting and cross-site request forgery for examples).[1]
The [Tracking Cookie], and especially third-party tracking [{$pagename}], are commonly used as ways to compile long-term records of individuals' browsing histories – a potential [privacy] concern that prompted European[2] and U.S. lawmakers to take action in 2011.[3][4] European law requires all websites targeting European Union member states to gain "[Informed Consent]" from users before storing non-essential [{$pagename}] on their device.
!! Drawbacks of [{$pagename}][2]
Besides [Privacy Considerations], cookies also have some technical drawbacks. In particular:
* [{$pagename}] do not always accurately identify users
* [{$pagename}] can be used by [attackers]
* [{$pagename}] are often at odds with the [Representational State Transfer] ([REST]) software architectural style.
! Inaccurate [Identification]
If more than one [browser|user-agent] is used on a computer, each usually has a separate storage area for cookies. Hence a [{$pagename}] does not identify a person, but a combination of a user account, a computer, and a [web browser|user-agent]. Thus, anyone who uses multiple accounts, computers, or browsers has multiple sets of cookies.
Likewise, cookies do not differentiate between multiple users who share the same user account, computer, and browser.
! Inconsistent state on [client] and [server]
The use of cookies may generate an inconsistency between the state of the client and the [state] as stored in the [{$pagename}].
If the user acquires a [{$pagename}] and then clicks the "Back" button of the [browser], the [state] on the browser is generally not the same as before that acquisition.
As an [example], if the shopping cart of an online shop is built using cookies, the content of the cart may not change when the user goes back in the browser's history: if the user presses a button to add an item to the shopping cart and then clicks on the "Back" button, the item remains in the shopping cart. This might not be the intention of the user, who possibly wanted to undo the addition of the item. This can lead to unreliability, confusion, and bugs. Web developers should therefore be aware of this issue and implement measures to handle such situations.
!! [{$pagename}] and [European Union] [Regulatory compliance]
For [{$pagename}], [{$applicationname}] refers you to Europa: [Cookies|http://ec.europa.eu/ipg/basics/legal/cookies/index_en.htm|target='_blank']
!! [Server-side] [Cookie]
With server-side sessions you will either have to store the [Session ID] in a [database], or else keep it in [memory] and make sure that the client always hits the same server. ([Session Affinity])
Both of these have drawbacks. In the case of the [database] (or other centralized storage), this becomes a bottleneck and a thing to maintain - essentially an extra query to be done with every request.
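The trade-off between in-memory and centralized session storage, shown as an added example that is not part of the original page. The class names, the `sid` cookie name, the 30-minute timeout and the HttpOnly/Secure/SameSite attributes are assumptions chosen for illustration.

```python
# Added example: class names, the "sid" cookie and its attributes are assumptions.
import secrets
import time
from http.cookies import SimpleCookie

SESSION_TTL = 1800  # assumed idle timeout in seconds


class SessionStore:
    """Server-side session table: a dict standing in for memory or a database."""

    def __init__(self):
        self._rows = {}
        self.lookups = 0  # the extra query paid on every request

    def create(self, user, now=None):
        now = time.time() if now is None else now
        sid = secrets.token_urlsafe(32)  # opaque, unguessable Session ID
        self._rows[sid] = {"user": user, "expires": now + SESSION_TTL}
        return sid

    def get(self, sid, now=None):
        now = time.time() if now is None else now
        self.lookups += 1
        row = self._rows.get(sid)
        if row is None or row["expires"] <= now:
            self._rows.pop(sid, None)  # unknown or expired
            return None
        return row


class Server:
    def __init__(self, store):
        self.store = store

    def login(self, user):  # returns the Set-Cookie value; it carries only the ID
        c = SimpleCookie()
        c["sid"] = self.store.create(user)
        c["sid"].update({"httponly": True, "secure": True, "samesite": "Lax", "path": "/"})
        return c["sid"].OutputString()

    def whoami(self, cookie_header):  # Cookie request header -> user or None
        c = SimpleCookie()
        c.load(cookie_header)
        row = self.store.get(c["sid"].value) if "sid" in c else None
        return row["user"] if row else None


def cookie_pair(set_cookie):
    return set_cookie.split(";", 1)[0]  # browsers send back only name=value
```

Two `Server` objects sharing one `SessionStore` model the centralized database; giving each its own store models in-memory sessions, where a request that reaches the other server finds no session unless [Session Affinity] routes it back.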
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [HTTP cookie|Wikipedia:HTTP_cookie/|target='_blank'] - based on information obtained 2016-07-01
* [#2] - [HTTP_cookie#Drawbacks_of_cookies|Wikipedia:HTTP_cookie#Drawbacks_of_cookies|target='_blank'] - based on information obtained 2016-08-10