Cookies: HTTP State Management Mechanism

The information below is for an old version of the document
Document Type Expired Internet-Draft (httpbis WG)
Authors Mike West, John Wilander
Last updated 2020-10-22 (latest revision 2020-04-20)
Replaces draft-ietf-httpbis-cookie-prefixes, draft-thomson-http-omnomnom, draft-ietf-httpbis-cookie-same-site, draft-ietf-httpbis-cookie-alone
Stream Internet Engineering Task Force (IETF)
Expired & archived
Stream WG state WG Document (wg milestone: - Submit RFC6265bis (C... )
Document shepherd No shepherd assigned
IESG IESG state Expired
Consensus Boilerplate Unknown
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


This document defines the HTTP Cookie and Set-Cookie header fields. These header fields can be used by HTTP servers to store state (called cookies) at HTTP user agents, letting the servers maintain a stateful session over the mostly stateless HTTP protocol. Although cookies have many historical infelicities that degrade their security and privacy, the Cookie and Set-Cookie header fields are widely used on the Internet. This document obsoletes RFC 6265.


Mike West (
John Wilander (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)