Talk:HTTP cookie/GA1

GA Review

Reviewer: Malleus Fatuorum 22:17, 1 June 2011 (UTC)


 * This article is largely uncited, and therefore does not meet the 2a GA criterion. I note that the same objection was raised during the FAR of 2009, and that very little appears to have been done since then to address this issue. I'm placing this review on hold for up to seven days pending a very significant improvement in its referencing.

Thank you for your prompt/quick review. I will see what I can do. But bear in mind that almost all the facts in this article are from RFC 6265; other than that, there are not many reputable sources except blogs and discussion forums (which wiki should not reference) to cite from. Pleasancoder (talk) 03:22, 2 June 2011 (UTC)
 * The basic facts on the technology yes, but the bulk of the article no. Let me give you just a couple of examples chosen at random:
 * From the Session management section: "Allowing users to log in to a website is a frequent use of cookies. Typically the web server will first send a cookie containing a unique session identifier. Users then submit their credentials and the web application authenticates the session and allows the user access to services." RFC 6265 says nothing about logging in to web sites.
 * From the Personalization section: "Many websites use cookies for personalization based on users' preferences." Who says that "many" web sites use cookies for that purpose?


 * Lead
 * "... a major privacy concern that prompted stricter laws." Stricter laws where? The US, Europe, worldwide?


 * Implementation
 * "Without cookies, each retrieval of a Web page or component of a Web page is an isolated event, mostly unrelated to all other views of the pages of the same site." Why "mostly" unrelated? There's either state or there isn't.


 * "... an internet browser is expected to be able to store at least 300 cookies of four kilobytes each, and at least 20 cookies per server or domain." RFC 6265, to which this ought to be cited, says 3000 and 50, quite a big difference.


 * Tracking
 * What is the source for this section? It certainly isn't RFC 6265.


 * Cross-site scripting – just do it
 * Completely uncited and reads like a rather poorly written personal essay.


 * Cross-site scripting – proxy request
 * Completely uncited.


 * References
 * There are two broken links.


 * The amount of effort required to get this article to meet the GA criteria was considerable, and it remains considerable, far more than can be done within the span of a GA review. Malleus Fatuorum 23:40, 6 June 2011 (UTC)