An HTTP cookie (also called web cookie, Internet cookie, browser cookie or simply cookie) is a small piece of data sent from a website and stored in the user's web browser while the user is browsing.
Perhaps most importantly, authentication cookies are the most common method used by web servers to know whether the user is logged in or not, and which account they are logged in with.
Without such a mechanism, the site would not know whether to send a page containing sensitive information, or require the user to authenticate themselves by logging in.
The security of an authentication cookie generally depends on the security of the issuing website and the user's web browser, and on whether the cookie data is encrypted.
Security vulnerabilities may allow a cookie's data to be read by a hacker, used to gain access to user data, or used to gain access (with the user's credentials) to the website to which the cookie belongs (see cross-site scripting and cross-site request forgery for examples).
In particular, cookies were accepted by default, and users were not notified of their presence. The development of the formal cookie specifications was already ongoing.
The general public learned about cookies after the Financial Times published an article about them on February 12, 1996. In particular, the first discussions about a formal specification started in April 1995 on the www-talk mailing list. In the same year, cookies received a lot of media attention, especially because of potential privacy implications. A special working group within the Internet Engineering Task Force (IETF) was formed. Two alternative proposals for introducing state in HTTP transactions had been proposed by Brian Behlendorf and David Kristol respectively.
Tracking cookies, and especially third-party tracking cookies, are commonly used as ways to compile long-term records of individuals' browsing histories – a potential privacy concern that prompted European
The term "cookie" was coined by web browser programmer Lou Montulli. It was derived from the term "magic cookie", which is a packet of data a program receives and sends back unchanged, used by Unix programmers. Magic cookie in turn derives from "fortune cookie", a cookie with an embedded message.