LYCOS RETRIEVER 
Cookie: Set
built 141 days ago
Beside the name/value pair, a cookie may ... contain an expiration date, a path, a domain name, and whether the cookie is intended only for encrypted connections. RFC 2965 also specifies that cookies must have a mandatory version number, but this is usually omitted. These pieces of data follow the name=newvalue pair and are separated by semicolons. For example, a cookie can be created by the server by sending a line Set-Cookie: name=newvalue; expires=date; path=/; domain=.example.org.
Source:
This cookie is built and distributed by Google.com. The first line is the name of the cookie, and the second line contains the cookie's value (which, in this case, is actually a set of name-value pairs separated by colons; this is Google.com-specific). The rest of the lines are attributes set by Google.com.
Source:
This header entry would result in a cookie named foo. The value of foo is bar. In addition, this cookie has a path of /, meaning that it is valid for the entire site, and it has an expiration date of Dec 9, 2002 at 1:46pm Greenwich Mean Time (or Universal Time). Provided the browser can understand this header, the cookie will be set.
Source:
This type of attack is difficult to detect on the user side, since the script is coming from the same domain that has set the cookie, and the operation of sending the value appears to be authorised by this domain. It is usually considered the responsibility of the administrators running sites where users can post to disallow the posting of such malicious code.
Source:
The path parameter is potentially the most useful of the 4 optional cookie settings. It sets the URL path the cookie is valid within. Pages outside of that path cannot read or use the cookie.
Source:
[A] cookie has the option to be set as a secure cookie. If this is turned on, the cookie will only ever be surrendered to the site over a secure connection, not an insecure one.
Source:
MORE ABOUT
Set