Notice: The WebPlatform project, supported by various stewards between 2012 and 2015, has been discontinued. This site is now available on github.

Cookie

Summary

The Cookie headers may be used to receive the value of a cookie from a user agent. The value of the cookie will have been previously set though a script, or by the Set-Cookie header.

Cookies have many issues associated with them, including security and CSRF attacks, privacy issues, and a nonstandard format compared to other HTTP headers.

Overview table

Direction
Request

Features
:

Syntax

cookie-header = "Cookie:" OWS cookie-string OWS
cookie-string = cookie-pair *( ";" SP cookie-pair )
cookie-pair       = cookie-name "=" cookie-value
cookie-name       = token
cookie-value      = *cookie-octet / ( DQUOTE *cookie-octet DQUOTE )
cookie-octet      = %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E
                       ; US-ASCII characters excluding CTLs,
                       ; whitespace DQUOTE, comma, semicolon,
                       ; and backslash

Examples

A user agent sending a cookie named “SID” with the value "31d4d96e407aad42".

Cookie: SID=31d4d96e407aad42

Related specifications

HTTP State Management Mechanism
: