Skip to main content

Cookies: HTTP State Management Mechanism

The information below is for an old version of the document.
Document Type
This is an older version of an Internet-Draft whose latest revision state is "Active".
Expired & archived
Authors Lily Chen , Steven Englehardt , Mike West , John Wilander
Last updated 2022-11-07 (Latest revision 2022-04-24)
Replaces draft-ietf-httpbis-cookie-prefixes, draft-thomson-http-omnomnom, draft-ietf-httpbis-cookie-same-site, draft-ietf-httpbis-cookie-alone
RFC stream Internet Engineering Task Force (IETF)
Additional resources Mailing list discussion
Stream WG state WG Document
Associated WG milestone
Submit RFC6265bis (Cookies)
Document shepherd (None)
IESG IESG state Expired
Consensus boilerplate Unknown
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


This document defines the HTTP Cookie and Set-Cookie header fields. These header fields can be used by HTTP servers to store state (called cookies) at HTTP user agents, letting the servers maintain a stateful session over the mostly stateless HTTP protocol. Although cookies have many historical infelicities that degrade their security and privacy, the Cookie and Set-Cookie header fields are widely used on the Internet. This document obsoletes RFC 6265.


Lily Chen
Steven Englehardt
Mike West
John Wilander

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)