What are cookies?
Cookies are a standard mechanism that allows a Web site (or server) to deliver simple
data to a client (or end user); request that the client store the information; and, in
certain circumstances, return the information to the Web site. Cookies are a way of storing
persistent client data so that a site can maintain information on a user across HTTP
connections. ("Persistent" means that the information from the Web site lasts longer than
the immediate connection.)
How do cookies work?
Cookies are small data structures delivered by a Web site to a Web client. The Web site may
deliver one or more cookies to the client. The client stores cookie data on its local hard
drive. In certain cases (determined by the data in the cookie itself), the client returns the
cookie to the server that originally delivered it.
Why are cookies useful?
Cookies allow Web sites to maintain information on a particular user across HTTP connections.
The current HTTP protocol is stateless, meaning that the server does not store any information
about a particular HTTP transaction; each connection is "fresh" and has no knowledge of any
other HTTP transaction. "State" information is information about a communication between a user
and a server, similar in many ways to frequent flyer profiles or option settings in desktop
software. (For example, a preference for aisle or window seats is cookie-like information that
a frequent-flyer program might store about one of its customers.) In some cases it is useful to
maintain state information about the user across HTTP transactions.
What kind of client-side information can Web servers store?
Cookies can be used to store information about a user that either the user
or the Web site provides. Some scenarios include the following:
- Mary is shopping at a particular Web site that uses a shopping cart metaphor. She puts
items into a shopping cart by clicking a link or an "Add to Shopping Cart" button. Cookies can
be used to store the contents of Mary's shopping cart so that she can conveniently purchase a
cart full of items rather than one item at a time.
- Jim clicks around a Web site that allows users to view articles for a small charge. Cookies
can be used to store information about which articles he has viewed (that is, a list of URLs)
so that he can pay for them all at once rather than each time he downloads an article.
- Richard fills out a Web form with his name, address, and other information. Cookies can be
used to store this information so that the next time Richard visits the site, the information is
automatically uploaded and he doesn't have to provide it again. If the form contains sensitive
information such as a credit card number or a mailing address, the cookies can be delivered
over Secure Sockets Layer, which encrypts the information as it travels between the client and
server.
- Kay logs in to a Web site that requires a user name and password. When Kay's user name and
password pair is successfully verified, the server passes down a cookie that functions as a
"guest pass" allowing her access to certain areas of the Web site. After a set time period,
perhaps half an hour or a day, the guest pass expires and Kay must log in again.
In each of these examples there are only two ways to store data: either the server provides
it (as in the last example) or the user provides it by taking some action (such as clicking a
link or button or filling out a form).
Can cookies read information from a user's hard drive?
No. Cookies can only store data that is provided by the server or generated by an
explicit user action.
Can cookies be used to gather sensitive information, such as a user's email address?
Cookies cannot be used to gather sensitive information such as the fields in a browser
preference file. They can be used to store any information that the user volunteers, for example
by filling out an HTML form. In this case, however, the same information can just as easily
(and with potentially more objectionable privacy concerns) be stored on the server by using a
simple server-side application that stores user information in a database. Cookies are passive
data structures that are delivered to the client, stored on the client's hard drive, and
returned in certain situations to the same server that provided the information in the first
place.
Can programmers save client state information without cookies?
Yes. Client state information can be stored in several ways. For example, server administrators
and programmers can create a database application that tracks and stores data they would
otherwise have managed with cookies. Cookies are simply a programming convenience.
How long do cookies last?
A Web site may set an expiration date for a cookie it delivers. If no expiration date is
specified, the cookie is deleted when the user quits their browser.
Can malicious sites read cookie information used by another site?
Cookies are designed to be read only by the site that provides them, not by other sites.
Can cookies be encrypted?
Yes. Programmers can require that cookies be delivered and received only in the context of a
Secure Sockets Layer (SSL) session. The SSL session handles the actual encryption of cookie
data.
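The expiry, same-site and SSL-only rules from the last three answers, applied to Kay's "guest pass" cookie. This is an added example, not code from the original page; the names issue_guest_pass and client_returns, the host shop.example and the token value are hypothetical, and the client check is a simplified model of what a browser does.

```python
from datetime import datetime, timedelta, timezone
from email.utils import format_datetime, parsedate_to_datetime
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

def issue_guest_pass(token, now, lifetime=timedelta(minutes=30)):
    """Server side: Set-Cookie value for a login "guest pass" (hypothetical name)."""
    jar = SimpleCookie()
    jar["guest_pass"] = token
    morsel = jar["guest_pass"]
    morsel["expires"] = format_datetime(now + lifetime, usegmt=True)
    morsel["path"] = "/"
    morsel["secure"] = True  # return only inside an SSL/TLS session
    return morsel.OutputString()

def client_returns(set_cookie, setter_host, url, now):
    """Client side: would the stored cookie be sent with a request to url?
    Simplified model of the browser rules: host-only cookie, prefix path match."""
    jar = SimpleCookie()
    jar.load(set_cookie)
    morsel = next(iter(jar.values()))
    target = urlsplit(url)
    if morsel["expires"] and parsedate_to_datetime(morsel["expires"]) <= now:
        return False  # expired: the guest pass is gone, log in again
    if morsel["secure"] and target.scheme != "https":
        return False  # Secure cookies never travel over plain HTTP
    if target.hostname != setter_host:
        return False  # only the site that set the cookie gets it back
    return (target.path or "/").startswith(morsel["path"] or "/")

if __name__ == "__main__":
    t0 = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)  # constructed clock
    header = issue_guest_pass("constructed-token", t0)
    print("Set-Cookie:", header)
    soon = t0 + timedelta(minutes=10)
    for url in ("https://shop.example/account", "http://shop.example/account",
                "https://other.example/account"):
        print(url, client_returns(header, "shop.example", url, soon))
    print("after expiry:", client_returns(header, "shop.example",
          "https://shop.example/account", t0 + timedelta(minutes=31)))
```

A cookie issued without an expiration date skips the first check and lives until the browser is closed.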
What products support cookies?
All web browsers support cookies.
What is the best way to block cookies?
At How-To Geek there is a guide on
How to Block All Cookies Except for Sites You Use
for users of IE, Firefox and Chrome.
A very useful app that I use is
CCleaner.
It cleans temporary files, history, cookies, download history and form history from your computer.
A very useful feature also allows you to keep cookies that you may not want to delete.
I use it for my Google search preferences and a few other things.