Internet Engineering Task Force (IETF)A. Barth
Request for Comments: 6265U.C. Berkeley
Obsoletes: 2965April 2011
Category: Standards Track
ISSN: 2070-1721

HTTP State Management Mechanism


This document defines the HTTP Cookie and Set-Cookie header fields. These header fields can be used by HTTP servers to store state (called cookies) at HTTP user agents, letting the servers maintain a stateful session over the mostly stateless HTTP protocol. Although cookies have many historical infelicities that degrade their security and privacy, the Cookie and Set-Cookie header fields are widely used on the Internet. This document obsoletes RFC 2965.