Cookies were designed to be a reliable mechanism for websites to remember stateful information (such as items
added to the shopping cart in an online store) or to record the user's browsing activity (including clicking
particular buttons, logging in, or recording which pages were visited in the past).
Cookies can also store passwords and form content a user has previously entered, such as a credit card number
or an address.
Other kinds of cookies perform essential functions in the modern web.
Perhaps most importantly, authentication cookies are the most common method used by web servers to know whether the
user is logged in or not, and which account they are logged in with.
Without such a mechanism, the site would not know whether to send a page containing sensitive information, or require
the user to authenticate themselves by logging in.
The security of an authentication cookie generally depends on the security of the issuing website and the user's web
browser, and on whether the cookie data is encrypted.
Security vulnerabilities may allow a cookie's data to be read by a hacker, used to gain access to user data,
or used to gain access (with the user's credentials) to the website to which the cookie belongs (see cross-site
scripting and cross-site request forgery for examples).
Tracking cookies, and especially third-party tracking cookies, are commonly used as ways to compile
long-term records of individuals' browsing histories, a potential privacy concern that prompted European and U.S.
lawmakers to take action in 2011.
European law requires that all websites targeting European Union member states gain "informed consent" from users before
storing non-essential cookies on their device.
DoubleClick is a subsidiary of Google which develops and provides Internet ad serving services. Its clients
include agencies, marketers (Universal McCann, AKQA etc.) and publishers who serve customers like Microsoft, General
Motors, Coca-Cola, Motorola, L'Oréal, Palm, Inc., Apple Inc., Visa USA, Nike, Carlsberg among others. DoubleClick's
headquarters is in New York City, United States. DoubleClick was founded in 1996 by
Kevin O'Connor and Dwight Merriman.
It was formerly listed as "DCLK" on the NASDAQ, and was purchased by private equity firms Hellman & Friedman
and JMI Equity in July 2005. In March 2008, Google acquired DoubleClick for US$3.1 billion.
This utility is a manager for the cookies created by the most common Windows browsers: Internet Explorer,
Firefox, Google Chrome, Mozilla and Opera (only basic support for this one).
It also works with any Gecko-based browser and most of the browsers based on Internet Explorer.
You can set a list of the cookies that you want to protect and then delete the remaining ones with a simple
mouse click (in all the browsers at the same time).
It also has the option of detecting the cookies for the sites included in your favorites and/or bookmarks.
It is useful for people who care about their privacy but don't want to disable or block all cookies (a lot of
pages need them to work properly).
Cookies are set using the Set-Cookie header sent in an HTTP response.
This header instructs the browser to store the cookie and send it back in future requests to the server (the
browser will, of course, ignore this header if it does not support cookies or has disabled cookies).
As an example, the browser sends its first request to the homepage of the www.example.org website:
GET /index.html HTTP/1.1
The server responds with two Set-Cookie headers:
HTTP/1.0 200 OK
Set-Cookie: theme=light
Set-Cookie: sessionToken=abc123; Expires=Wed, 09 Jun 2021 10:18:14 GMT
The server's HTTP response contains the contents of the website's homepage.
But it also instructs the browser to set two cookies.
The first, "theme", is considered to be a "session" cookie, since it does not have an Expires or Max-Age attribute.
Session cookies are intended to be deleted by the browser when the browser closes.
The second, "sessionToken", contains an "Expires" attribute, which instructs the browser to delete the cookie at a
specific date and time.
Next, the browser sends another request to visit the spec.html page on the website.
This request contains a Cookie header, which contains the two cookies that the server instructed the browser
GET /spec.html HTTP/1.1
Cookie: theme=light; sessionToken=abc123
This way, the server knows that this request is related to the previous one.
The server would answer by sending the requested page, and possibly adding other cookies as well using the Set-Cookie
The value of a cookie can be modified by the server by including a Set-Cookie header in response to a page
request. The browser then replaces the old value with the new value.
The value of a cookie may consist of any printable ASCII character (! through ~, Unicode \u0021 through
\u007E) excluding , and ; and excluding whitespace.
The name of a cookie excludes the same characters, as well as =, since that is the delimiter between the name and
value. The cookie standard RFC 2965 is more limiting but not implemented by browsers.
The term "cookie crumb" is sometimes used to refer to a cookie's name-value pair.
Cookies can also be set by scripting languages such as JavaScript that run within the browser.
For example, the instruction document.cookie = "temperature=20" creates a cookie of name "temperature" and value "20".
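The Set-Cookie / Cookie exchange and the name and value character rules described above, written as a small cookie jar in JavaScript. This is an added example, not code from the original page: parseSetCookie and CookieJar are hypothetical names, the sample headers and clock are constructed from the example above, and letting Max-Age override Expires is an assumption taken from RFC 6265.

```javascript
// Allowed characters per the rules above: ! through ~ minus , and ; (names also exclude =).
const NAME_RE = /^[\x21-\x2B\x2D-\x3A\x3C\x3E-\x7E]+$/;
const VALUE_RE = /^[\x21-\x2B\x2D-\x3A\x3C-\x7E]*$/;
// Parse one Set-Cookie value; returns null when the name or value is malformed.
function parseSetCookie(header, now) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  if (eq < 1) return null; // no "=" or empty name
  const name = pair.slice(0, eq), value = pair.slice(eq + 1);
  if (!NAME_RE.test(name) || !VALUE_RE.test(value)) return null;
  let expires = null, maxAge = null;
  for (const attr of attrs) {
    const i = attr.indexOf("=");
    const key = (i < 0 ? attr : attr.slice(0, i)).toLowerCase();
    const val = i < 0 ? "" : attr.slice(i + 1);
    if (key === "expires" && !Number.isNaN(Date.parse(val))) expires = Date.parse(val);
    if (key === "max-age" && /^-?\d+$/.test(val)) maxAge = Number(val);
  }
  if (maxAge !== null) expires = now + maxAge * 1000; // assumption: Max-Age wins (RFC 6265)
  return { name, value, expires, session: expires === null };
}

class CookieJar {
  constructor() { this.cookies = new Map(); }
  // Store or replace a cookie; an already-expired one deletes the stored copy.
  setFromHeader(header, now = Date.now()) {
    const c = parseSetCookie(header, now);
    if (c === null) return false; // malformed header is ignored
    if (c.expires !== null && c.expires <= now) this.cookies.delete(c.name);
    else this.cookies.set(c.name, c);
    return true;
  }
  // Build the Cookie request header, evicting expired cookies first.
  cookieHeader(now = Date.now()) {
    for (const [name, c] of this.cookies)
      if (c.expires !== null && c.expires <= now) this.cookies.delete(name);
    return [...this.cookies.values()].map((c) => `${c.name}=${c.value}`).join("; ");
  }
  // Browser close: session cookies (no Expires or Max-Age) are dropped.
  endSession() {
    for (const [name, c] of this.cookies) if (c.session) this.cookies.delete(name);
  }
}

const t0 = Date.UTC(2021, 0, 1); // constructed clock, earlier than the Expires date
const demo = new CookieJar();
demo.setFromHeader("theme=light", t0);
demo.setFromHeader("sessionToken=abc123; Expires=Wed, 09 Jun 2021 10:18:14 GMT", t0);
console.log(demo.cookieHeader(t0));
```

Run with the real clock instead of the constructed one, the sessionToken cookie from the page's example is rejected as already expired, which is the same path a server uses to delete a cookie.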