Talk:HTTP cookie/Archive 4
 | This is an archive of past discussions. Do not edit the contents of this page. If you wish to start a new discussion or revive an old one, please do so on the current talk page. |
| Archive 1 | Archive 2 | Archive 3 | Archive 4 |
Semi-protected edit request on 26 October 2020
 | This edit request to HTTP cookie has been answered. Set the |answered= or |ans= parameter to no to reactivate your request. |
I want to edit. 96.232.83.69 (talk) 12:26, 26 October 2020 (UTC)
- You can request specific changes here on this talk page on the form "Please change X to Y", citing reliable sources. – Thjarkur (talk) 12:36, 26 October 2020 (UTC)
Semi-protected edit request on 31 January 2021
| This edit request to HTTP cookie has been answered. Set the |answered= or |ans= parameter to no to reactivate your request. |
2601:586:500:8800:9C45:87FE:372A:9811 (talk) 02:51, 31 January 2021 (UTC)
Not done: it's not clear what changes you want to be made. Please mention the specific changes in a "change X to Y" format and provide a reliable source if appropriate. Pupsterlove02 talk • contribs 03:59, 31 January 2021 (UTC)
Semi-protected edit request on 24 March 2021
| This edit request to HTTP cookie has been answered. Set the |answered= or |ans= parameter to no to reactivate your request. |
Change "For obvious security reasons" to "For security reasons" in the Domain and path subsection, as the "obvious" is unhelpfully exclusionary Wlycdgr (talk) 16:09, 24 March 2021 (UTC)
Semi-protected edit request on 24 March 2021 (2)
| This edit request to HTTP cookie has been answered. Set the |answered= or |ans= parameter to no to reactivate your request. |
Update third party cookie discussion to reflect recent developments: Firefox now blocks third party cookies by default[1], and the Chrome team has announced plans to do so by 2022[2] Wlycdgr (talk) 16:26, 24 March 2021 (UTC)
Already done - these claims already appear in the article. Thank you! A S U K I T E 19:54, 24 March 2021 (UTC)
References
Semi-protected edit request on 8 June 2021
| This edit request to HTTP cookie has been answered. Set the |answered= or |ans= parameter to no to reactivate your request. |
Please remove the sentence "Google Project Zero researcher Jann Horn describes ways cookies can be read by intermediaries, like Wi-Fi hotspot providers. He recommends using the browser in incognito mode in such circumstances". The reason is:
- This doesn't belong in this article at all. It gives un-due focus to an unimportant blog post. That cookies may be stolen is alredy mentioned in the section "Cookie theft and session hijacking", that blog posts does not make a significant contribution over that.
- The source is just a minor demonstration at the author's personal blog. It's hardly a recommendation.
- The recommendation is misleading to readers.
--157.157.113.183 (talk) 10:45, 8 June 2021 (UTC)
Done ScottishFinnishRadish (talk) 11:22, 8 June 2021 (UTC)
terrible cringe taxonomy
tracking cookies are not a thing there are literally infinite ways to track a browser session, cookies being one of them please rewrite the entire article
is there even a reference here to the original cookie spec? this entire article is written for american retards who are paranoid about being tracked and want to learn how precisely a cookie can "violate their privacy", the irony being that the idiots browsing and writing this article are unaware as a method so simple as tracking IP addresses — Preceding unsigned comment added by 198.91.180.20 (talk • contribs) 16:33, 28 September 2021 (UTC)
P3P discontinued by W3C, removed from MS browsers since Windows 10.
| This edit request has been answered. Set the |answered= or |ans= parameter to no to reactivate your request. |
Please delete the line:
- By default, Internet Explorer allows third-party cookies only if they are accompanied by a P3P "CP" (Compact Policy) field.[60]
and change:
- The P3P specification offers a possibility for a server to state a privacy policy using an HTTP header field, which specifies which kind of information it collects and for which purpose. These policies include (but are not limited to) the use of information gathered using cookies. According to the P3P specification, a browser can accept or reject cookies by comparing the privacy policy with the stored user preferences or ask the user, presenting them the privacy policy as declared by the server. However, the P3P specification was criticized by web developers for its complexity. Some websites do not correctly implement it. For example, Facebook jokingly used "HONK" as its P3P header field for a period.[83] Only Internet Explorer provides adequate support for the specification.
to (updated, and shorter since the unsupported spec is now less relevant, and because the linked page has all the necessary information about the current status of the P3P's demise):
- A W3C specification called P3P was proposed for servers to communicate their privacy policy to browsers, allowing automatic, user-configurable handling. However, few websites implement the specification, no major browsers support it, and the W3C has discontinued work on the specification.
This should bring this page's reporting of P3P current with the P3P page: it's currently several years out of date. 207.191.44.146 (talk) 15:24, 12 October 2021 (UTC)
Done Parrotapocalypse (hello) 02:26, 15 October 2021 (UTC)
Suggested change to Same-Site cookie section, last paragraph
There have been some changes to browser implementations of SameSite cookies since May 2020 that are not shown in this paragraph.
I suggest this replacement paragraph, most importantly to note that the Chrome rollout was actually completed in 2020.
- As of 2022, Chrome, Firefox, Safari and Edge have all added support for SameSite cookies. An important part of the rollout of this feature is the treatment of existing cookies without the SameSite attribute defined. Chrome began by treating those existing cookies as if SameSite=None, to keep all websites/applications behaving as before. Chrome changed that default to SameSite=Lax in 2020, to increase users' security. The change would break those applications/websites that rely on third-party/cross-site cookies, that were not updated to use the SameSite attribute. Given the extensive changes for web developers and COVID-19 circumstances, Google temporarily rolled back the SameSite cookie change, but completed the rollout later in 2020. [1] . Other browsers have added support at different times.
Also, could we please remove the hyphen, as "SameSite" is the common usage, not "Same-Site". Both forms are used in the original specification, so it's not wrong, but "SameSite" is what the wider web development community typically uses. Bhforbróir (talk) 21:59, 10 January 2023 (UTC)
Semi-protected edit request on 20 July 2023
| This edit request to HTTP cookie has been answered. Set the |answered= or |ans= parameter to no to reactivate your request. |
103.171.165.169 (talk) 08:18, 20 July 2023 (UTC)
X500
- Not done: it's not clear what changes you want to be made. Please mention the specific changes in a "change X to Y" format and provide a reliable source if appropriate. Cannolis (talk) 08:46, 20 July 2023 (UTC)