HTTP Cookie

A cookie has an associated scope which defines:

• the maximum amount of time in which the user agent should return the cookie,
• the servers to which the user agent should return the cookie, and
• the URI schemes for which the cookie is applicable.

For historical reasons, there are a few security concerns with cookies:

• Although a server can indicate that a given cookie is intended for «secure» connections (with the Secure attribute?), it does not provide integrity in the presence of an active network attacker
• Cookies for a given host are shared across all the ports on that host, even though the usual same-origin policy used by web browsers isolates content retrieved via different ports.

It seems there cookies following the «netscape cookie protocol» and cookies following the protocol defined in RFC 2965.

Allegedly, the great majority of cookies on the internet are Netscape cookies.

The Netscape cookie protocol differs substantially from that set out in the original Netscape specification.

Cookies are defined in RFC 6265 (HTTP State Management Mechanism), but see also the obsolete RFCs 2109 and 2965.

The Set-Cookie HTTP request header and the associated Cookie response header.

In Chrome, the cookies for the individual sites can be inspected with the special URL chrome://settings/siteData/.

PHP allows store valaues for sessions.