- How do I enable cookies?
- What are cookies?
- How do cookies work?
- Why are cookies useful?
- What kind of client-side information can Web servers store?
- Can cookies read information from a user's hard drive?
- Can cookies be used to gather sensitive information, such as a user's email address?
- Where are cookies stored?
- Can programmers save client state information without cookies?
- How long do cookies last?
- Can malicious sites read cookie information used by another site?
- Can cookies be encrypted?
- What products support cookies?
- Does every browser implement cookies in the same way?
- Where do I find more info on cookies?
How do I enable cookies?
To enable cookies for Microsoft Internet Explorer 6:
- Click Tools, and then click Internet Options.
- Click the Privacy tab.
- Drag the slider down to Accept All Cookies.

To enable cookies for Mozilla Firefox:
- Click Tools, then Options.
- Click the Privacy icon on the left.
- If the Cookies option tree isn't showing, click the + sign next to Cookies.
- Make sure the Enable Cookies checkbox is checked.

Other browsers
To see if your browser supports cookies, and for detailed instructions
about how to enable this feature, see the online Help for your
browser.
If you see a message to notify you that a Web site is trying to
send you a cookie when you try to sign in, you should choose to
continue or you will not be able to sign in.
If your browser does not support cookies, you can upgrade to a
newer browser, such as Internet Explorer 5.
What are cookies?
Cookies help Web sites maintain user state. This means that Web
sites can "remember" information about users, which makes possible
such things as per-site preferences, transparent handling of user
passwords, and so forth. More specifically, cookies allow Web sites
(servers) to deliver simple data to a client (user); request that
the client store the information; and, in certain circumstances,
return the information to the Web site.
How do cookies work?
Cookies are small data structures delivered by a Web site to a
Web client. The Web site may deliver one or more cookies to the
client. The client stores cookie data in one or more flat files
on its local hard drive. In certain cases (determined by the data
in the cookie itself), the client returns the cookie to the server
that originally delivered it.
Why are cookies useful?
Cookies allow Web sites to maintain information on a particular
user across HTTP connections. The current HTTP protocol is stateless,
meaning that the server does not store any information about a
particular HTTP transaction; each connection is "fresh" and has
no knowledge of any other HTTP transaction. "State" information
is information about a communication between a user and a server,
similar in many ways to frequent flyer profiles or option settings
in desktop software. (For example, a preference for aisle or window
seats is cookielike information that a frequent-flyer program
might store about one of its customers.) In some cases it is useful
to maintain state information about the user across HTTP transactions.
What kind of client-side information can Web servers store?
User information may be stored in the cookie or in a database
on the Web site. This information may be provided by either the
user or the Web site provider. Some scenarios include the following:
- Alice is shopping at a particular Web site that uses a shopping cart
metaphor. She puts items into a shopping cart by clicking a
link or an "Add to Shopping Cart" button. Cookies can be used
to store or reference information on the contents of Alice's
shopping cart so that she can conveniently purchase a cart full
of items rather than one item at a time.
- Bob clicks around a Web site that allows users to view articles
for a small charge. Cookies can be used to store or reference
information about which articles he has viewed (that is, a list
of URLs) so that he can pay for them all at once rather than
each time he downloads an article.
- Carl fills out a Web form with his name, address, and other information.
Cookies can be used to store or reference this information so
that the next time Carl visits the site, the information is
automatically uploaded and he doesn't have to provide it again.
If the form contains sensitive information such as a credit
card number or a mailing address, the cookies can be delivered
over Secure Sockets Layer, which encrypts the information as
it travels between the client and server.
- Don logs in to a Web site that requires a user name and password.
When Don's user name and password pair is successfully verified,
the server passes down a cookie that functions as a "guest
pass," allowing him access to certain areas of the Web site.
After a set time period, perhaps half an hour or a day, the
guest pass expires and Don must log in again.

Each of these examples illustrates one of two things: Either the server
provides information (as in the last example) or the user provides
information by taking some action, such as clicking a link or
button or filling out a form.
Can cookies read information from a user's hard drive?
No. Cookies can only store data that is provided by the server
or generated by an explicit user action.
Can cookies be used to gather sensitive information, such as a user's email address?
Cookies can be used to store any information that the user volunteers.
They cannot be used to gather sensitive information such as the
fields in a Netscape preference file. In this case, however, the
same information can just as easily (and with potentially more
objectionable privacy concerns) be stored on the server by using
a simple server-side application that stores user information
in a database. Cookies are passive files that are delivered to
the client, stored on the client's hard drive, and returned in
certain situations to the same server that provided the information
in the first place.
Where are cookies stored?
Cookie data is stored unencrypted on the user's hard drive (although
during actual communication it is stored in memory). The filename
is different for each platform. For example, on Windows machines,
cookie data is stored in a file called COOKIE.TXT.
Can programmers save client state information without cookies?
Yes. Client state information can be stored in several ways. For
example, server administrators and programmers can create a database
application that tracks and stores data they would otherwise have
managed with cookies. Cookies are simply a programming convenience.
How long do cookies last?
A Web site may set an expiration date for a cookie it delivers.
If no expiration date is specified, the cookie is deleted when
the user quits Netscape Navigator.
Can malicious sites read cookie information used by another site?
Cookies are designed to be read only by the site that provides
them, not by other sites.
Can cookies be encrypted?
While the cookie file itself is unencrypted on the user's computer,
it can be encrypted between the user's computer and a Web site.
Programmers can require that cookies be delivered and received
only in the context of a Secure Sockets Layer (SSL) session. The
SSL session handles the actual encryption of cookie data.
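
The answers above say that a cookie is returned only "in certain cases (determined by the data in the cookie itself)", that it can expire, that other sites do not receive it, and that it can be restricted to SSL sessions. The following sketch is an added example, not code from this FAQ or from any browser, showing how a client could apply those rules to one Set-Cookie header. The host names, cookie value and dates are constructed, and checks a real browser also performs (public-suffix rejection, Max-Age, HttpOnly, SameSite) are left out.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from urllib.parse import urlsplit

def covers(domain, host):  # host is the cookie domain or a subdomain of it
    return host == domain or host.endswith("." + domain)

def parse_set_cookie(header, origin_host):
    """Turn one Set-Cookie value into the record a client stores (None if rejected)."""
    first, *attrs = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    c = {"name": name, "value": value, "domain": origin_host.lower(),
         "host_only": True, "path": "/", "secure": False, "expires": None}
    for attr in attrs:
        key, _, val = attr.partition("=")
        key, val = key.strip().lower(), val.strip()
        if key == "domain" and val:
            c["domain"], c["host_only"] = val.lstrip(".").lower(), False
        elif key == "path" and val.startswith("/"):
            c["path"] = val
        elif key == "secure":
            c["secure"] = True
        elif key == "expires":
            c["expires"] = parsedate_to_datetime(val)
    # A site may only set cookies for itself or a parent domain it belongs to.
    return c if covers(c["domain"], origin_host.lower()) else None

def should_send(c, url, now):
    """Decide whether the stored cookie c is returned with a request to url."""
    u = urlsplit(url)
    host, path = (u.hostname or "").lower(), u.path or "/"
    if c["expires"] is not None and c["expires"] <= now:
        return False                      # past its expiration date
    if c["secure"] and u.scheme != "https":
        return False                      # Secure cookies travel only over SSL/TLS
    if not (host == c["domain"] if c["host_only"] else covers(c["domain"], host)):
        return False                      # other sites never receive it
    p = c["path"]
    return path == p or (path.startswith(p) and (p.endswith("/") or path[len(p)] == "/"))

# Constructed sample: a "guest pass" cookie set by shop.example over HTTPS.
SAMPLE = "pass=abc123; Path=/account; Secure; Expires=Wed, 21 Oct 2026 07:28:00 GMT"
COOKIE = parse_set_cookie(SAMPLE, "shop.example")
BEFORE = datetime(2026, 10, 1, tzinfo=timezone.utc)   # constructed "current time"

if __name__ == "__main__":
    for url in ("https://shop.example/account/orders", "http://shop.example/account",
                "https://evil.example/account"):
        print(url, "->", should_send(COOKIE, url, BEFORE))
```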
What products support cookies?
Netscape Navigator has supported cookies since version 1.0. Internet
client products from companies such as Microsoft also support
cookies.
Does every browser implement cookies in the same way?
Not necessarily. Because the use of cookies is just becoming an
official standard, there may be some subtle differences that do
not affect how they work. For instance, Netscape uses a single
file for all cookies, while another company uses a folder with
a separate file for each cookie.
Are cookies being presented for standardization to a standards body?
See Cookie Monsters - The innocuous text files that Web surfers love to hate.