Talk:HTTP cookie

From Wikipedia, the free encyclopedia

HTTP cookie is a former featured article. Please see the links under Article milestones below for its original nomination page (for older articles, check the nomination archive) and why it was removed.
This article appeared on Wikipedia's Main Page as Today's featured article on May 8, 2006.

Article milestones
Date | Process | Result
January 16, 2006 | Peer review | Reviewed
January 28, 2006 | Featured article candidate | Promoted
April 7, 2009 | Featured article review | Demoted
June 6, 2011 | Good article nominee | Not listed
Current status: Former featured article

"Alternatives to cookies" should be split out into a separate article

The section "Alternatives to cookies" lists various identifiers and cache records stored by the client (and metadata like IP). These things can be used for tracking (one application of cookies), but they don't actually substitute for cookies in general. Also, this list is missing a few entries, like:

- favicon cache:
https://arstechnica.com/information-technology/2021/02/new-browser-tracking-hack-works-even-when-you-flush-caches-or-go-incognito/
- HSTS tracking, see
https://nakedsecurity.sophos.com/2015/02/02/anatomy-of-a-browser-dilemma-how-hsts-supercookies-make-you-choose-between-privacy-or-security/
https://webkit.org/blog/8146/protecting-against-hsts-abuse/
- redirect tracking, see
https://digiday.com/marketing/wtf-what-is-redirect-tracking/

Also see: https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Privacy/Redirect_tracking_protection#what_data_is_cleared

[edit]

A previous RFC to move to "cookies" failed (as IMHO it should have, for reasons given above). However, there was some support to change to Cookie (Internet) or similar and I don't think that got serious consideration.

The term "cookie" is deeply embedded in modern parlance, in a way that HTTP Cookie is not, and this would aid searchers without creating confusion about the baked good.

I'd be OK with Cookie (HTTP) or Cookie (Web) as well. Oblivy (talk) 02:04, 12 April 2024 (UTC)

I've given this nearly a week and no comments. Unless someone raises their hand to object I'll do the page move shortly. Oblivy (talk) 02:59, 18 April 2024 (UTC)
That wasn't an RFC, it was a move request, and you ought to post a formal move request too. (FYI, this isn't an RFC either: submitting an RFC involves more than including the letters "RFC" in the title of a discussion.) See the procedure at WP:Requested moves. Largoplazo (talk) 09:37, 18 April 2024 (UTC)

Semi-protected edit request on 21 May 2024

  1. REDIRECT Target page name
176.54.176.219 (talk) 11:15, 21 May 2024 (UTC)
 Not done: it's not clear what changes you want to be made. Please mention the specific changes in a "change X to Y" format and provide a reliable source if appropriate. Charliehdb (talk) 11:33, 21 May 2024 (UTC)

Semi-protected edit request on 18 June 2024

41.155.4.4 (talk) 15:29, 18 June 2024 (UTC)

Allow cookies

 Not done: it's not clear what changes you want to be made. Please mention the specific changes in a "change X to Y" format and provide a reliable source if appropriate. Annh07 (talk) 15:33, 18 June 2024 (UTC)

Semi-protected edit request on 15 August 2024

The information about supercookies is partially incorrect. Supercookies are not exactly cookies with an origin of a TLD or public suffix. They are more accurately described as tracking mechanisms that can be stored in various ways, such as in HTTP headers, flash cookies, or even in more obscure locations like ETags, rather than being restricted to standard HTTP cookies. The security concern with supercookies mostly lies in their ability to persist across different domains or be more difficult to delete, rather than their ability to maliciously alter requests. This can lead to tracking users across different websites without their knowledge.

I'd propose that the article about Evercookies (the most popular implementation of supercookies) is linked, rather than explaining the concept here again. If a specific explanation is needed here, I'd propose something along the lines of the following: A supercookie is a tracking mechanism that can persist across different domains or even remain stored in non-traditional locations like HTTP headers or browser cache, making it harder to delete compared to ordinary cookies. Unlike regular cookies that are associated with a specific domain (e.g., example.com), supercookies can potentially track users across multiple sites and evade traditional cookie management practices.

Supercookies pose significant privacy and security concerns. For instance, an attacker could potentially exploit a supercookie to track users across multiple websites or reconstruct deleted cookies, thus undermining user privacy. Web browsers and privacy tools typically implement measures to block or delete supercookies, but some older versions or improperly configured browsers may still be vulnerable.

The Public Suffix List helps mitigate some of the risks associated with domain-level cookies by ensuring that cookies cannot be set at inappropriate domain levels, such as top-level domains or public suffixes (e.g., .co.uk). However, the risk posed by supercookies often extends beyond what the PSL can prevent, involving more advanced tracking techniques that require more comprehensive privacy protections. KleinKalve (talk) 09:53, 15 August 2024 (UTC)
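
The Public Suffix List check mentioned in the request above, as an added example that is not part of the original discussion or of any browser's code: it applies the public-suffix and domain-match steps of RFC 6265 section 5.3 to a cookie's Domain attribute. The rule set is a constructed five-entry subset of the real list, and `publicSuffix`, `domainMatches`, `cookieScope` and the hostnames are illustrative names.

```javascript
// Added example: how a user agent scopes a cookie's Domain attribute using
// the Public Suffix List (RFC 6265 section 5.3, public-suffix and domain-match steps).
// PSL_RULES is a constructed subset of the real list; IP-address hosts are not handled.
const PSL_RULES = new Set(["com", "uk", "co.uk", "*.ck", "!www.ck"]);

// Public suffix of a hostname: an exception rule ("!") strips its leftmost
// label, otherwise the longest exact or wildcard rule wins, and with no
// match the implicit "*" rule makes the last label the suffix.
function publicSuffix(host) {
  const labels = host.toLowerCase().split(".");
  for (let i = 0; i < labels.length; i++) {
    const name = labels.slice(i).join(".");
    const parent = labels.slice(i + 1).join(".");
    if (PSL_RULES.has("!" + name)) return parent;
    if (PSL_RULES.has(name) || PSL_RULES.has("*." + parent)) return name;
  }
  return labels[labels.length - 1];
}

// RFC 6265 domain-match for host names.
function domainMatches(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

// Decide whether a cookie is stored and for which hosts it is later sent.
function cookieScope(requestHost, domainAttr) {
  const host = requestHost.toLowerCase();
  let domain = (domainAttr || "").toLowerCase().replace(/^\./, "");
  if (domain && publicSuffix(domain) === domain) {
    // Domain=co.uk would be sent to every site under co.uk: refuse it,
    // unless the request host is itself that suffix (then host-only).
    if (domain !== host) return { accepted: false, reason: "public suffix" };
    domain = "";
  }
  if (!domain) return { accepted: true, hostOnly: true, domain: host };
  if (!domainMatches(host, domain)) {
    return { accepted: false, reason: "domain mismatch" };
  }
  return { accepted: true, hostOnly: false, domain };
}

// Constructed inputs: [request host, Domain attribute]
for (const [h, d] of [["shop.example.co.uk", "co.uk"],
                      ["shop.example.co.uk", ".example.co.uk"],
                      ["shop.example.ck", "example.ck"],
                      ["www.ck", "www.ck"]]) {
  console.log(h, d, JSON.stringify(cookieScope(h, d)));
}
```

The wildcard rule `*.ck` makes `example.ck` a public suffix, while the exception `!www.ck` leaves `www.ck` registrable, which is why the last two inputs get opposite results.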

 Not done: it's not clear what changes you want to be made. Please mention the specific changes in a "change X to Y" format and provide a reliable source if appropriate. M.Bitton (talk) 00:15, 17 August 2024 (UTC)