Cookies, HTTP GET, and Query Strings

Question

The United States District Court for the Southern District of New York in re Doubleclick Inc. stated:

"GET information is submitted as part of a Web site's address or "URL," in what is known as a "query string." For example, a request for a hypothetical online record store's selection of Bon Jovi albums might read: http://recordstore.hypothetical.com/search?terms=bonjovi. The URL query string begins with the "?" character meaning the cookie would record that the user requested information about Bon Jovi.

Is it true that a URL query string with a "?" would have the cookie record the user requested information? If so, what RFC/standard includes this?

Edit: I understand the United States District Court doesn't define standards, but I would like to have something concrete to note that they were incorrect.

Answer 1

Last time I checked, the US District Court for the Southern District of New York didn't define Internet standards.

The query string does not affect the cookies, they are using technical language in a sloppy way.

Answer 2

It's certainly possible to store the query string in a cookie, but there is no technical standard that forces that to occur.

They are likely referencing something specific to the code on that specific website, which is presumably storing the query string in a cookie.

Answer 3

That text may be just an example and you shouldn't stick to that.

Including any text in the query string does not imply a cookie is created with that information, although some sites may contain additional code to do so.

Answer 4

Cookies get set and submitted seperately from the URL, so in the HTTP-header it would look like this:

GET /search?terms=bonjovi
Cookie: $Version=1; UserId=JohnDoe

The only way the query string would be stored in a cookie would be if a cookie path is used in conjunction with rewritten URLS or if the server explicitely sets a cookie with some sort of id or the query string.

Answer 5

If you read the whole document, you'll note that they say

DoubleClick's cookies only collect information from one step of the above process: Step One. The cookies capture certain parts of the communications that users send to DoubleClick-affiliated Web sites. They collect this information in three ways: (1) "GET" submissions, (2) "POST" submissions, and (3) "GIF" submissions.

They are describing a process used by DoubleClick, not an internet standard.

You (and anyone else, including DoubleClick) can take information that is available to you (including information that might be sent as part of a GET submission) and store it in a cookie.

You should interpret the sentence in question (in context) like this:

1. DoubleClick stores information from the query string in a cookie.
2. The URL query string is the portion of a URL that begins with the "?" character.
3. The query string portion of the hypothetical URL is "Bon Jovi".
4. DoubleClick's process would use a cookie to record that the user requested information about Bon Jovi

Supported Conclusion:

DoubleClick takes/took information from a URL query string (which is the part of the URL that begins with a "?") and uses a cookie to record information that the user requested.

Unsupported Conclusion:

A URL query string with a "?" would have the cookie record the user requested information. There exists some RFC that describes this behavior.