@techreport{ietf-httpbis-layered-cookies-02, number = {draft-ietf-httpbis-layered-cookies-02}, type = {Internet-Draft}, institution = {Internet Engineering Task Force}, publisher = {Internet Engineering Task Force}, note = {Work in Progress}, url = {https://datatracker.ietf.org/doc/draft-ietf-httpbis-layered-cookies/02/}, author = {Anne van Kesteren and Johann Hofmann}, title = {{Cookies: HTTP State Management Mechanism}}, pagetotal = 46, year = 2026, month = may, day = 21, abstract = {This document defines the HTTP Cookie and Set-Cookie header fields. These header fields can be used by HTTP servers to store state (called cookies) at HTTP user agents, letting the servers maintain a stateful session over the mostly stateless HTTP protocol. Although cookies have many historical infelicities that degrade their security and privacy, the Cookie and Set-Cookie header fields are widely used on the Internet. This document obsoletes RFC 6265 and 6265bis.}, }