Talk:HTTP cookie
<templatestyles src="Module:Message box/tmbox.css"/><templatestyles src="Talk header/styles.css" />
| This is the talk page for discussing improvements to the HTTP cookie Template:Pagetype. This is not a forum for general discussion of the article's subject. |
Article policies
|
| Template:Find general sources |
| Archives: Template:Comma separated entries<templatestyles src="Template:Tooltip/styles.css" />Auto-archiving periodScript error: No such module "Check for unknown parameters".: Template:Human readable duration File:Information icon4.svg |
Script error: No such module "Check for unknown parameters".Script error: No such module "Check for deprecated parameters".
Script error: No such module "Banner shell". Script error: No such module "Article history". Script error: No such module "Message box". Template:Backwardscopy Template:Old move
Template:Archives Template:Category handlerScript error: No such module "Copied".
"Alternatives to cookies" should be split out into a separate article
The section "Alternatives to cookies" list various identifiers and cache records stored by the client (and metadata like IP). These things can be used for tracking (one application of cookies), but they don't actually substitute cookies in general. Also, this list is missing a few entries, like:
- - favicon cache:
- - HSTS tracking, see
- - redirect tracking, see
Semi-protected edit request on 3 April 2025
Template:Edit semi-protected In the Browser fingerprint paragraph, it would be nice to specify that "While the collection of fingerprinting data occurs client-side, the analysis and identification of users based on this data are performed server-side." Please, see the resource here: https://www.researchgate.net/publication/365268626_A_Survey_of_Browser_Fingerprint_Research_and_Application
Also, according to Wikipedia's Guidelines, an example could be done. Here is my attempy: "A well-known application of browser fingerprinting is in online banking systems. This technology enables the creation of unique identifiers for customers' devices during the login phase to detect suspicious activities, such as attempts to access accounts from unrecognized or potentially fraudulent devices."
Thanks! Ate Keurentjes (talk) 08:41, 3 April 2025 (UTC)
- File:Semi-protection-unlocked.svg Not done: According to the page's protection level you should be able to edit the page yourself. If you seem to be unable to, please reopen the request with further details. twisted. (user | talk | contribs) 14:37, 14 April 2025 (UTC)
"Created by a web server" in the first paragraph may not always be correct
Current first paragraph: "HTTP cookie [...] is a small block of data created by a web server while a user is browsing a website [...]"
Problem: "created by a web server" may not always be correct and could potentially be misleading, especially if it's in the first paragraph.
As mentioned later down in the article: "Although cookies are usually set by the web server, they can also be set by the client using a scripting language such as JavaScript".
That is, it may be more correct to say something along the lines of "usually created by a web server or browser-side script" ("usually", since we could in theory consider cases like manually adding a cookie to browser's SQLite database, or curl's cookies.txt file, etc.). UkuSormus (talk) 05:38, 10 April 2025 (UTC)
"user's web browser" v.s. other types of client
Current first paragraph: "HTTP cookie [...] is a small block of data [...] placed on the user's computer or other device by the user's web browser [...]"
The current wording explicitly uses "user's web browser".
Should we consider non-browser clients such as curl to be mentioned in the article? (see, e.g., curl - HTTP cookies)
If so, should we also consider modifying the first paragraph to use something like "by the client, usually the user's web browser", or it could get too abstract for the intro? UkuSormus (talk) 05:40, 10 April 2025 (UTC)
New browser-side CookieStore API
In the current version of the article, only the document.cookie browser API is mentioned for manipulating cookies. Nowadays, there's also the new CookieStore API (see MDN), supported by Chromium-based browsers and soon in Firefox. UkuSormus (talk) 05:41, 10 April 2025 (UTC)
window.name DOM property
Window is not a DOM property, window is a host object responsible for reflecting the DOM into programming languages. It has its own standard at https://html.spec.whatwg.org/multipage/nav-history-apis.html#the-window-object 31.182.204.120 (talk) 18:58, 7 May 2025 (UTC)