This document defines the HTTP Cookie and Set-Cookie
header fields. These header fields can be used by HTTP
servers to store state (called cookies) at HTTP user agents,
letting the servers maintain a stateful session over the mostly
stateless HTTP protocol. Although cookies have many historical
infelicities that degrade their security and privacy, the Cookie and
Set-Cookie header fields are widely used on the Internet.
This document obsoletes RFC 2965.
Working Group Summary
There is strong consensus in the working group to publish this
document. Among those currently active in the working group there
is a wide consensus behind the document. No objections have been
raised regarding this version of the document.
This document defines the HTTP Cookie and Set-Cookie HTTP
header fields as they are presently utilized on the Internet. As a
result, there are already many implementations of this specification.
The author has coordinated with significant browser developers to
help ensure that their implementations are consistent with the
specification. The document has undergone extensive review, and
the Document Shepherd and the Responsible Area Director have
no concerns with this document.
The Document Shepherd is Jeff Hodges. The Responsible Area
Director is Peter Saint-Andre.