Magic cookie
A magic cookie, or just cookie for short, is a token or short packet of data passed between communicating programs, where the data is typically not meaningful to the recipient program. The contents are opaque and not usually interpreted until the recipient passes the cookie data back to the sender or perhaps another program at a later time. The cookie is often used like a ticket — to identify a particular event or transaction.

In some cases, recipient programs are able to meaningfully compare two cookies for equality.

Cookie as token

A magic cookie can be analogous to, for example, the token supplied at a coat check (cloakroom) counter in real life. The token has no intrinsic meaning, but its uniqueness allows it to be exchanged for the correct coat when returned to the coat check counter. The coat check token is opaque because the way in which the counter staff are able to find the correct coat when the token is presented is immaterial to the person who wishes their coat returned. In other cases (as is possible with HTTP cookies), the actual data of interest can be stored as name/value pairs directly on the cookie.

Cookies are used as identifying tokens in many computer applications. When one visits a website, the remote server may leave an HTTP cookie on one's computer, where it is often used to authenticate identity upon returning to the website. Cookies are a component of the most common authentication method used by the X Window System.

Security

Some cookies (such as HTTP cookies) have a digital signature appended to them or are otherwise encrypted, so that hostile users or applications are unable to forge a cookie and present it to the sending application in order to gain access to something to which the hostile user is not otherwise entitled. Depending on the nature of the encryption algorithm used, users may be able to verify that a cookie is authentic.
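
An added example (not part of the original article) of the scheme described above: the cookie is an opaque random ticket, and the issuing server appends an authentication tag so that a forged or altered cookie is rejected. It uses HMAC-SHA256, a keyed MAC, in place of a public-key digital signature; the function names and the in-memory session table are assumptions for illustration.

```python
import base64
import hashlib
import hmac
import secrets

# Constructed demo key; a real service would load this from a secret store.
SERVER_KEY = secrets.token_bytes(32)

# Server-side state: opaque ticket -> the data it stands for (the "coat").
_sessions = {}


def _tag(ticket: bytes, key: bytes) -> bytes:
    """HMAC-SHA256 over the ticket; only the key holder can compute it."""
    return hmac.new(key, ticket, hashlib.sha256).digest()


def issue_cookie(user: str, key: bytes = SERVER_KEY) -> str:
    """Create an opaque random ticket, remember what it means, append a tag."""
    ticket = secrets.token_bytes(16)
    _sessions[ticket] = user
    b64 = base64.urlsafe_b64encode
    return b64(ticket).decode() + "." + b64(_tag(ticket, key)).decode()


def redeem_cookie(cookie: str, key: bytes = SERVER_KEY):
    """Return the user for a genuine cookie, or None if malformed or forged."""
    try:
        ticket_b64, tag_b64 = cookie.split(".")
        ticket = base64.urlsafe_b64decode(ticket_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError:  # wrong number of parts or invalid base64
        return None
    # Constant-time comparison avoids leaking how many tag bytes matched.
    if not hmac.compare_digest(tag, _tag(ticket, key)):
        return None
    # The ticket carries no meaning itself; it is only a lookup handle.
    return _sessions.get(ticket)
```

The recipient of the cookie never needs the key: it stores the string and hands it back unchanged, and only the issuer checks the tag.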
The source of this article is Wikipedia, the free encyclopedia. The text of this article is licensed under the GFDL.
 