Magic cookie


In computing, a magic cookie, or just cookie for short, is a token or short packet of data passed between communicating programs, where the data is typically not meaningful to the recipient program. The contents are opaque and not usually interpreted until the recipient passes the cookie data back to the sender or perhaps another program at a later time. The cookie is often used like a ticket to identify a particular event or transaction.
In some cases, recipient programs are able to meaningfully compare two cookies for equality.

Early use

The term magic cookie appears in the man page for the fseek routine in the C standard library, dating back at least to 1979, where it was stated:
An analogy is the token supplied at a coat check counter in real life. The token has no intrinsic meaning, but its uniqueness allows it to be exchanged for the correct coat when returned to the coat check counter. The coat check token is opaque because the way in which the counter staff are able to find the correct coat when the token is presented is immaterial to the person who wishes their coat returned. In other cases, the actual data of interest can be stored as name–value pairs directly on the cookie.
Cookies are used as identifying tokens in many computer applications. When one visits a website, the remote server may leave an HTTP cookie on one's computer, where they are often used to authenticate identity upon returning to the website.
Cookies are a component of the most common authentication method used by the X Window System.