An unofficial blog that watches Google's attempts to move your operating system online since 2005. Not affiliated with Google.

Send your tips to gostips@gmail.com.

July 18, 2010

Gmail's SHVA Parameter

Ever since Google launched a new version of Gmail, back in 2007, some people wondered why Gmail's address includes a parameter called "shva".

"Just curious, what does the SHVA parameter in the new gmail URL stand for? Is it an acronym? I'm not really asking about the technical usage or the functionality; I'm just interested in the choice of name," asked BRKR. "I know GMail is not an Open-Source program so we can trace the code. But every website tries to make the URL shorter so they ideally shouldn't add redundant data to the URL," thinks Omar Dolaimy.


According to Mike Sego, a former Gmail engineer, "shva" is an acronym for "should have valid authentication". Apparently, the parameter is only included after a successful authentication.

37 comments:

  1. I am become SHVA, the destroyer of worlds....

    ReplyDelete
    Replies
    1. If the world is destroyed I will sit shva for it.

      Delete
  2. i dont care dont blog this and dont feed up my reader with this shva bs cuz i dont give a efin shva

    ReplyDelete
    Replies
    1. Why don't you unsubscribe then TWAT

      Delete
  3. How can we know, only those who design the program know what the short form.

    ReplyDelete
  4. Thanks for the info! I've always wondered and just searched it today randomly, only to find you posted my answer yesterday!
    Thanks again,
    Ross

    ReplyDelete
  5. After this article about Gmail's mysterious shva=1 parameter, the shva=1 parameter has been removed from Gmail's URL

    ReplyDelete
    Replies
    1. No it hasn't

      Delete
    2. Not removed till date

      Delete
    3. Not removed till date

      Delete
  6. That seems like a good thing. This blog made it known, and this seemingly useless variable is now *poof*.

    ReplyDelete
  7. Ha, randomly wondered this too, googled, and here I am.

    Thanks.

    ReplyDelete
    Replies
    1. ditto! Very entertaining.

      Delete
    2. Yes, me too googled today just to know whether it is listed...Wow it's here.

      Delete
  8. It's not gone. I still see it. It doesn't do anything changing it. I tried shva=0 to see if it would ask me to log in but it didn't.

    ReplyDelete
  9. Should Have Valid Authentication

    ReplyDelete
  10. Should Have Valid Authentication

    ReplyDelete
  11. nice one guys... but wondering y such a parameter to decide authentication....

    ReplyDelete
  12. subbu, maybe you should try to finish your sentence next time? It tends to add clarity to your point.

    ReplyDelete
  13. If I load up gmail.com the variable is still there...

    ReplyDelete
  14. given it's connection to the written hebrew language, and it's connection to the name of a hindu deity, seems to me a different choice would suit better...

    ReplyDelete
  15. Oh it's back, baby!

    And better than ever.

    ReplyDelete
  16. Thank you for finding this out. It's been bothering me for a whole year now! I don;t know why I didn't look it up sooner.

    ReplyDelete
  17. You know what I think it is? I think it's a check to see if cookies are enabled in the browser. See this tutorial:

    http://www.developertutorials.com/tutorials/php/articlename-050526-1149/

    Basically to check a cookie was set you have to set the cookie, then resend the headers, then check the cookie exists. Now the shva=1 on the url would be there to stop it from re-doing the check and going into an infinite loop.

    SHVA could also mean Security Host Verification and Authentication.

    ReplyDelete
  18. randomly wondering and i found out!

    still looks useless.

    ReplyDelete
  19. then what is meant by 1 in ?shva=1....i'm new to internet..tats y i'm asking so....

    ReplyDelete
  20. removing ?shva=1 turnes google services in chrome fast again.

    ReplyDelete
    Replies
    1. Wonder why? Anybody know? I verified...

      Delete
  21. Chris, thanks for being the one person here with an intelligent answer.

    ReplyDelete
    Replies
    1. What, you didn't think AAhhh's answer was intelligent? ;)

      Delete
  22. a completely unnecessary parameter, no?

    ReplyDelete
  23. ANDREW CORBACIO IS A LEET HACKER

    ReplyDelete
  24. Should have valid authentication

    http://googlesystem.blogspot.com/2010/07/gmails-shva-parameter.html

    ReplyDelete