Cookie Q&A |
 |
Cookies are a very useful tool in maintaining state
variables on the Web. Since HTTP is a "stateless"
(non-persistent) protocol, it is impossible to differentiate between
visits to a web site, unless the server can somehow "mark" a
visitor. This is done by storing a piece of information in the
visitor's browser.
This is accomplished with cookies. Cookies can
store database information, custom page settings, or just about
anything that would make a site individual and customizable. An
analogy I like to use is that cookies are very much like a laundry
"claim-check" of sorts. You drop something off, and get a
ticket. When you return with the ticket, you get that same something
back.
1. What is a cookie?
A cookie is simply an HTTP header that consists of a text-only string
that gets entered into the memory of a browser. This string contains
the domain, path, lifetime, and value of a variable that a website
sets. If the lifetime of this variable is longer than the time the
user spends at that site, then this string is saved to file for future
reference.
2. Where did the term
cookies come from?
According to an article written by Paul Bonner for Builder.Com on
11/18/1997:
"Lou Montulli, currently the protocols manager in Netscape's
client product division, wrote the cookies specification for Navigator
1.0, the first browser to use the technology. Montulli says there's
nothing particularly amusing about the origin of the name: 'A cookie
is a well-known computer science term that is used when describing an
opaque piece of data held by an intermediary. The term fits the usage
precisely; it's just not a well-known term outside of computer science
circles.'"
3. Why do sites use
cookies?
There are many reasons a given site would wish to use cookies.
These range from the ability to personalize information (like on My
Yahoo or Excite), or to help with on-line sales/services (like on
Amazon Books or Microsoft), or simply for the purposes of tracking
popular links or demographics (like DoubleClick). Cookies also provide
programmers with a quick and convenient means of keeping site content
fresh and relevant to the user's interests. The newest servers use
cookies to help with back-end interaction as well, which can improve
the utility of a site by being able to securely store any personal
data that the user has shared with a site.
4. Where can I get more
information?
Cookie Central is dedicated to answering questions about cookies.
If you can't find your answers there, one may not exist.
The World Wide Web Consortium has an excellent FAQ
to answer the majority of Internet and Web-related questions. You can
read their topic: "Do 'Cookies' Pose any Security Risks?"
In addition, there are an abundance of resources on
the Internet that can help you find answers to your cookie questions.
Conveniently, Yahoo has a great listing of them.
If you like having an actual paper book by your
side, I strongly encourage Simon St. Laurent's cookies, published by
Computing McGraw Hill. You can find it on Amazon.com, or try your
local bookstore!
5. Can I delete cookies?
Yes. Whether you use Netscape or Microsoft Internet Explorer (MSIE),
your cookies are saved to a simple text file that you can delete as
you please.
In order to do this properly, remember to close
your browser first. This is because all your cookies are held in
memory until you close your browser. So, if you delete the file with
your browser open, it will make a new file when you close it, and your
cookies will be back.
Remember that deleting your cookie file entirely
will cause you to "start from scratch" with every web site
you usually visit. So, it may be preferable to open the cookies.txt
file (in the case of Netscape) and remove only the entries you don't
like, or go to the cookies folder (in the case of MSIE) and delete the
files from servers you don't want.
6. How do I set my browser
to reject cookies?
Both Netscape and Microsoft Internet Explorer (MSIE) allow some level
of cookie verification. Netscape 3.0 and MSIE 3.0 allow you only to
"alert before accepting cookies." This is done through the
Options/Network Preferences/Protocols menu (for Netscape) or the
Internet Options/Advanced menu (for MSIE). This means you can read
each cookie as it comes in, and hit "OK" to allow it, or
"Cancel" to reject it.
Netscape 4.0 and MSIE 4.0 go one better. They have
menu options that allow you to accept all, some, or none of your
incoming cookies. In addition, the "warn before accepting"
feature is still present in both, if you want to screen your incoming
cookies.
In Netscape 4.0, go to the
Edit/Preferences/Advanced menu. You will see all of the above choices.
In MSIE 4.0, go to the View/Internet Options/Advanced menu. There you
can accept all, warn before accepting, or reject all.
MSIE 5.0 has a lot of menu and dialog changes, but
you can still disable cookies. Go to the Tools/Internet
Options/Security menu. In there, you can choose the security level for
4 different browsing conditions: Internet Sites, Local Sites,
"Trusted" Sites, and Restricted Sites. If you select
"Internet," and click on Custom Level, you'll get a dialog
box where you can accept all, warn before accepting, or reject all
cookies.
Once a cookie is rejected, it is thrown out and not
saved to memory or disk. Don't forget, though, that servers will keep
looking for the cookie even if you have discarded it and may try to
replace it as you surf around.
This fact is almost comical in nature. Essentially,
without a cookie to tell the server who you are, it can't remember not
to send you any cookies!
7. Are cookies dangerous
to my computer?
NO. A cookie is a simple piece of text. It is not a program, or a
plug-in. It cannot be used as a virus, and it cannot access your hard
drive. Your browser (not a programmer) can save cookie values to your
hard disk if it needs to, but that is the limit of the effect on your
system.
8. Will cookies fill up my
hard drive?
Both Netscape and Microsoft have measures in place that limit the
number of cookies that will be saved on your hard drive at one time.
Netscape limits your total cookie count to 300. If
you exceed this, the browser will discard your least-used cookies to
make room for the new ones.
Microsoft saves cookies into the "Temporary
Internet Files" folder, a system folder that you can set the
maximum size of (the default is 2% of your hard drive).
In any event, remember that the average size of a
cookie ranges from 50-150 bytes. You would need about 20 million
cookies to fill up a 2GB drive. This is incredibly unlikely.
9. Are cookies a threat to
my privacy?
As with everything else about the Internet, you are only as
anonymous as you want to be. The sad truth is that revealing any kind
of personal information opens the door for that information to be
spread. The very nature of Web servers allows for the tracking of your
surfing habits alone, and other information about you can be gathered
with time.
While cookies themselves are not gathering that
data, they are, unfortunately, used as a tracking device to help the
people who are gathering that information. As information is gathered
about you, it is associated with the value they keep in your cookie.
To reiterate, A COOKIE ALONE CANNOT READ YOUR HARD
DRIVE TO FIND OUT WHO YOU ARE, WHAT YOUR INCOME IS, OR WHERE YOU LIVE.
The only way that information could end up in a cookie is if YOU
provide it to a site and that site saves it to a cookie.
The never-ending ethical debate associated with
these facts shall be left to other forums. However, it is wise to
consider carefully the information you collect and share over the
Internet.
10. Sites are telling me I
need to turn on cookies, but they are on. What's wrong?
There are three likely possibilities for problems like this.
Firstly, the site you are visiting may be detecting cookies
improperly. As a result, it may appear to the site that you are
rejecting cookies when in fact you are not.
Another possibility is that you may be running
software that interferes with cookie usage. There are many filtering
and blocking software packages available for Internet users these
days, and many of them also filter cookies. If you are running
software like this, then your computer may not receive or send
cookies. This will cause sites you visit to assume you are not
accepting cookies.
Finally, your machine may be behind a firewall or
proxy server that prevents cookie transmission. This is most likely in
a corporate environment. So, regardless of how your browser is set,
cookies won't be sent or received by your browser. Since the cookies
aren't making it through to your browser, the Web Site will assume you
personally aren't accepting them.
11. I deleted my cookies,
and I can't log-on to my favorite site anymore. What can I do?
Many sites use a cookie to keep track of your settings on their
servers, and to help you log in to their site. If you lose your
cookie, that site cannot recall your settings for you to use.
If this happens to you, the best thing you can do is contact that
site's webmaster or customer service department.
12. I looked at my
Internet Explorer cookies, and they had my username on them! Can
servers see my username?
Because Windows systems allow more than one user to login and use
programs, Microsoft had to come up with a way to keep each user's
cookies separate on a given machine. This can be common in workplaces,
where a single machine is shared by many employees.
This is accomplished by appending the username to
the cookie file name. This way, both Jane Doe and Joe Smith can get
cookies from coolsite.com and they don't get over-written. Also, this
stop's Jane from using Joe's cookies while she's surfing, since the
browser will only use her cookies when she is logged in.
|
