A magic cookie or just cookie for short, is a token or short packet of data passed between communicating programs, where the data is typically not meaningful to the recipient program. The contents are opaque and not usually interpreted until the recipient passes the cookie data back to the sender or perhaps another program at a later time. The cookie is often used like a ticket — to identify a particular event or transaction.
In some cases, recipient programs are able to meaningfully compare two cookies for equality.
Contents |
A magic cookie can be analogous to, for example, the token supplied at a coat check (cloakroom) counter in real life. The token has no intrinsic meaning, but its uniqueness allows it to be exchanged for the correct coat when returned to the coat check counter. The coat check token is opaque because the way in which the counter staff are able to find the correct coat when the token is presented is immaterial to the person who wishes their coat returned. In other cases (as is possible with HTTP cookies), the actual data of interest can be stored as name/value pairs directly on the cookie.
Cookies are used as identifying tokens in many computer applications. When one visits a website, the remote server may leave an HTTP cookie on one's computer, where they are often used to authenticate identity upon returning to the website. Cookies are a component of the most common authentication method used by the X Window System.
Some cookies (such as HTTP cookies) have a digital signature appended to them or are otherwise encrypted, so that hostile users or applications are unable to forge a cookie and present it to the sending application, in order to gain access to that which the hostile user is otherwise not entitled. Depending on the nature of the encryption algorithm used, users may be able to verify that a cookie is authentic.
This article was originally based on material from the Free On-line Dictionary of Computing, which is licensed under the GFDL.