HTTP cookies (also called web cookies, Internet cookies, browser cookies, or simply cookies) are small blocks of data created by a web server while a user is browsing a website and placed on the user's computer or other device by the user's web browser. Cookies are placed on the device used to access a website, and more than one cookie may be placed on a user's device during a session.

<World-Wide Web> A system invented by Netscape to allow a web server to send a web browser a packet of information that will be sent back by the browser each time it accesses the same server. Cookies can contain any arbitrary information the server chooses to put in them and are used to maintain state between HTTP transactions, which are otherwise stateless. Typically this is used to authenticate or identify a registered user of a website without requiring them to sign in again every time they access it. Other uses are, e.g. maintaining a "shopping basket" of goods you have selected to purchase during a session at a site, site personalisation (presenting different pages to different users) or tracking which pages a user has visited on a site, e.g. for marketing purposes. The browser limits the size of each cookie and the number each server can store. This prevents a malicious site consuming lots of disk space. The only information that cookies can return to the server is what that same server previously sent out. The main privacy concern is that, by default, you do not know when a site has sent or received a cookie so you are not necessarily aware that it has identified you as a returning user, though most reputable sites make this obvious by displaying your user name on the page. After using a shared login, e.g. in an Internet cafe, you should remove all cookies to prevent the browser identifying the next user as you if they happen to visit the same sites. http://cookiecentral.com/c_concept.htm">Cookie Central (http://cookiecentral.com/c_concept.htm). (2004-08-26)

HTTP cookie

<operating system> A collection of fortune cookies in a format that facilitates retrieval by a fortune program. There are many cookie files in public distribution, and site admins often assemble their own from various sources. [Jargon File] (1997-01-07)

In computing, a magic cookie, or just cookie for short, is a token or short packet of data passed between communicating programs. The cookie is often used to identify a particular event or as "handle, transaction ID, or other token of agreement between cooperating programs".

1. Something passed between routines or programs that enables the receiver to perform some operation; a capability ticket or opaque identifier. Especially used of small data objects that contain data encoded in a strange or intrinsically machine-dependent way. E.g. on non-Unix operating systems with a non-byte-stream model of files, the result of "ftell" may be a magic cookie rather than a byte offset; it can be passed to "fseek", but not operated on in any meaningful way. The phrase "it hands you a magic cookie" means it returns a result whose contents are not defined but which can be passed back to the same or some other program later. 2. An in-band code for changing graphic rendition (e.g. inverse video or underlining) or performing other control functions. Some older terminals would leave a blank on the screen corresponding to mode-change magic cookies; this was also called a glitch (or occasionally a "turd"; compare {mouse droppings}). See also cookie. [Jargon File] (1995-01-25)

HTTP Message Body is the data bytes transmitted in an HTTP transaction message immediately following the headers if there are any (in the case of HTTP/0.9 no headers are transmitted).

HTTP header injection is a general class of web application security vulnerability which occurs when Hypertext Transfer Protocol (HTTP) headers are dynamically generated based on user input. Header injection in HTTP responses can allow for HTTP response splitting, Session fixation via the Set-Cookie header, cross-site scripting (XSS), and malicious redirect attacks via the location header.

(HTTP/3 also uses the completed QUIC protocol described in RFC 9000 and related RFCs such as RFC 9001)

Hypertext Transfer Protocol version 1.0.