What are cookies?
Cookies help Web sites maintain user states. This means that Web sites can "remember" information about users to facilitate their preferences for a particular site, transparent user passwords, and so forth. More specifically, cookies allow Web sites (servers) to deliver simple data to a client (user); request that the client store the information; and, in certain circumstances, return the information to the Web site.
Cookies allow Web sites to maintain information on a particular user across HTTP connections. The current HTTP protocol is stateless, meaning that the server does not store any information about a particular HTTP transaction; each connection is "fresh " and has no knowledge of any other HTTP transaction. "State" information is information about a communication between a user and a server, similar in many ways to frequent flyer profiles or option settings in desktop software. (For example, a preference for aisle or window seats is cookielike information that a frequent-flyer program might store about one of its customers.) In some cases it is useful to maintain state information about the user across HTTP transactions.
What kind of client-side information can Web servers store?
User information may be stored in the cookie or in a database on the Web site. This information may be provided by either the user or the Web site provider. Some scenarios include the following:
Each of these examples illustrates one of two things: Either the server provides information (as in the last example) or the user provides information by taking some action, such as clicking a link or button or filling out a form.
Cookies can be used to store any information that the user volunteers. They cannot be used to gather sensitive information such as the fields in a Netscape preference file. In this case, however, the same information can just as easily (and with potentially more objectionable privacy concerns) be stored on the server by using a simple server-side application that stores user information in a database. Cookies are passive files that are delivered to the client, stored on the client's hard drive, and returned in certain situations to the same server that provided the information in the first place.
Where are cookies stored?
Cookie data is stored unencrypted on the user's hard drive (although during actual communication it is stored in memory). The filename is different for each platform. For example, on Windows machines, cookie data is stored in a file called COOKIE.TXT.
Can programmers save client state information without cookies?
Yes. Client state information can be stored in several ways. For example, server administrators and programmers can create a database application that tracks and stores data they would otherwise have managed with cookies. Cookies are simply a programming convenience.
How long do cookies last?
A Web site may set an expiration date for a cookie it delivers. If no expiration date is specified, the cookie is deleted when the user quits Netscape Navigator.
Can malicious sites read cookie information used by another site?
Cookies are designed to be read only by the site that provides them, not by other sites.
Can cookies be encrypted?
While the cookie file itself is unencrypted on the user's computer, it can be encrypted between the user's computer and a Web site. Programmers can require that cookies be delivered and received only in the context of a Secure Sockets Layer (SSL) session. The SSL session handles the actual encryption of cookie data.
What products support cookies?
Netscape Navigator has supported cookies since version 1.0. Internet client products from companies such as Microsoft also support cookies.
Does every browser implement cookies in the same way?
Are cookies being presented for standardization to a standards body?