W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > September to December 2001

RE: cookies history

From: Joris Dobbelsteen <joris.dobbelsteen@mail.com>
Date: Mon, 26 Nov 2001 21:23:45 +0100
To: "'jario'" <jario@ieg.com.br>
Cc: "WWW WG \(E-mail\)" <http-wg@cuckoo.hpl.hp.com>
Message-ID: <001801c176b8$402dadc0$0d0ba8c0@joris2k.local>
Get the RFC from www.ietf.org...

RFC 2109
Title: HTTP State Management Mechanism.
Authors: D. Kristol, L. Montulli.
Date: February 1997.


I'll give you a short history about HTTP.
Everybody is invited to review it...

HTTP was orginated by CERN, where HTTP/0.9 was developed as a simple method
to request a file. Later HTTP/1.0 was developed (at the IETF and/or CERN?),
that greatly increased the ability of HTTP and allowed content to be
neogotiated. With FTP you can retreive a file, but HTTP allows you to
retreive the file the way you like it. You can give a language, character
encoding and others. Information about this protocol can be found in the
appropriate RFC:

RFC 1945
Title: Hypertext Transfer Protocol -- HTTP/1.0.
Authors: T. Berners-Lee, R. Fielding & H. Frystyk.
Date: May 1996.

HTTP/1.1 enhanced HTTP/1.0, by making the transport more efficient and
enhancing the caching mechanism. See:

RFC 2616
Title: Hypertext Transfer Protocol -- HTTP/1.1.
Authors :R. Fielding, J. Gettys, J. Mogul, H. Frystyk, L. Masinter, P.
Leach, T. Berners-Lee.
Date: June 1999.

- Cookies or HTTP State Management Mechanism

HTTP is a sessionless/stateless protocol. Two requests are unrelated, they
don't share any kind of common information. With FTP you have a
session/state: authentication, path. This can be useful in several
situations. With the cookies a method was designed to create session/state
over a sessionless/stateless protocol. Other methods used are to pass
information witht the URL, as is still in use, especially at chatboxes or
webmail systems. Cookies really enhanced this. This way you can store
information more dynamically and it can be saved over multiple ..., well
'browsing sessions' :-)

A nice chapter would be "Cookies and Privacy". On this subject there is
numberous information
I'll give you two statements, were I believe in the last one.

Cookies violate privacy, because web masters (or companies) can save
information about your specific browsing patterns and can gather your
personal information, directly from your own computer. This is why he always
disabled cookies on his system.
This can be argumented by someone (it was once on a dutch radio-broadcaster)
who, in my opinion, didn't know much about HTTP or cookies.

Cookies violate privacy in a way that they can only save information about
your browsing patterns, but this can also be done, somewhat more
anonymously, using your IP address, DNS name/domain, browser type,
authentication and such. Next cookies are generated ONLY by the server side,
so only information that is reveiled to him is accessable to him and can be
stored in a cookie. Also cookies can only be read by those for who it's
Also, sessions can be created using cookies and e.g. using the URL.
Information this is discoved and stored in a cookie, can be discovered
otherwise and stored on the server.
Next this kind of information, especially regarding advertisements, is
already stored on servers.

If you have some more questions, please ask...

- Joris Dobbelsteen

>-----Original Message-----
>From: jario [mailto:jario@ieg.com.br]
>Sent: Sunday, 25 November 2001 20:22
>To: http-wg@cuckoo.hpl.hp.com
>Subject: cookies history
>Hi, all.
>I am developing a thesis regarding the protocol HTTP and I seek for the
>history of the origin of the cookies.
>How did they appear?
>Which reason of the netscape of you create them?
   Don't understand this question to good.
>Do you can help me?
Received on Monday, 26 November 2001 20:31:06 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:16:38 UTC