4.7 Cookie - HTTP State Management

The Cookie module provides convenient ways for creating, parsing, sending and receiving HTTP Cookies, as defined in the specification published by Netscape.

Note: Even though there are official IETF RFCs describing the HTTP State Management Mechanism using cookies, the de facto standard supported by most browsers is the original Netscape specification. Furthermore, true compliance with IETF standards is actually incompatible with many popular browsers, even those that claim to be RFC-compliant. Therefore, this module supports the current common practice, and is not fully RFC compliant.

More specifically, the biggest difference between Netscape and RFC cookies is that RFC cookies are sent from the browser to the server along with their attributes (like Path or Domain). The Cookie module ignores those incoming attributes, so all incoming cookies end up as Netscape-style cookies, without any of their attributes defined.
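
The behaviour described above, sketched as a stand-alone parser (an added example, not mod_python's own code; `parse_cookie_header` and the sample headers are constructed for illustration). RFC-style attributes arrive as `$`-prefixed pairs in the Cookie header and are dropped, so an RFC-style and a Netscape-style header yield the same cookies:

```python
import re

# One name=value pair: the value is a quoted-string or a bare token.
_PAIR = re.compile(r'''
    \s*(?P<name>[^=;,\s]+)        # cookie or attribute name
    \s*=\s*
    (?P<value>"(?:[^"\\]|\\.)*"   # quoted-string, may contain ; or ,
             |[^;,]*)             # or a bare token
    \s*(?:[;,]|$)                 # pair separator or end of header
''', re.VERBOSE)

def _unquote(value):
    """Strip surrounding double quotes and undo backslash escapes."""
    value = value.strip()
    if len(value) >= 2 and value[0] == value[-1] == '"':
        return re.sub(r'\\(.)', r'\1', value[1:-1])
    return value

def parse_cookie_header(header):
    """Return (cookies, dropped): cookies maps name -> value, dropped lists
    the $-prefixed RFC attributes that were ignored."""
    cookies, dropped = {}, []
    pos = 0
    while pos < len(header):
        m = _PAIR.match(header, pos)
        if m is None:
            break  # malformed remainder: stop rather than guess
        pos = m.end()
        name, value = m.group('name'), _unquote(m.group('value'))
        if name.startswith('$'):
            # $Version, $Path, $Domain are client-supplied; never act on them
            dropped.append((name, value))
        else:
            cookies[name] = value
    return cookies, dropped

# Constructed sample headers carrying the same two cookies
RFC_STYLE = ('$Version="1"; Customer="WILE_E_COYOTE"; $Path="/acme"; '
             'Part_Number="Rocket_Launcher_0001"; $Path="/acme"')
NETSCAPE_STYLE = 'Customer=WILE_E_COYOTE; Part_Number=Rocket_Launcher_0001'

if __name__ == '__main__':
    print(parse_cookie_header(RFC_STYLE))
    print(parse_cookie_header(NETSCAPE_STYLE))
```

Because the server never sees trustworthy Path or Domain values for an incoming cookie, application logic should not depend on them.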

See Also:

Persistent Client State - HTTP Cookies
    for the original Netscape specification.
RFC 2109, HTTP State Management Mechanism
    for the first RFC on Cookies.
RFC 2964, Use of HTTP State Management
    for guidelines on using Cookies.
RFC 2965, HTTP State Management Mechanism
    for the latest IETF standard.
HTTP Cookies: Standards, Privacy, and Politics
    by David M. Kristol for an excellent overview of the issues surrounding standardization of Cookies.

