ACCC Home Page ACADEMIC COMPUTING and COMMUNICATIONS CENTER
Accounts / Passwords Email Labs / Classrooms Telecom Network Security Software Computing and Network Services Education / Teaching Getting Help
 
The ADN Connection, April/May/June 1998 The A3C Connection
April/May/June '98 Contents A Time of Opportunity, a Time to Move On (from CMS) Keeping Secure on the Web Web Security for Files and Data The ADN Post ADN Free Summer Seminars Cookies on the Web
Picking Keywords for UIC Search Copyright and Fair Use Operating Systems Support Group Guidelines on Email Size Active Content on the Web About the ADN Connection  

Cookies on the Web

 
News and Reviews WWW Everyone 

 
Cookies on the Web can be useful, but they aren't anywhere near as tasty as real cookies, and they can be dangerous to more than just your waistline.
 
   
 
     
What is a Cookie?
  An HTTP cookie is a short piece of information (often encoded), which may be sent to you by the Web server when you visit a Web site. Unless you've expressly told it not to, your browser will save any cookies it receives in a file or folder on your hard drive. When you revisit that site or as you move from page to page within the site, your browser will automatically to send the cookie back to them.
 
 
The Web sites you visit know -- and probably record -- some stuff about you even if you tell them nothing.

The Web sites you visit always know a few things about you: the Internet domain name or IP address of the machine you're using, what type of browser you're using, and what URL you came from. Most Web servers record this information to keep track of how their resources are being used.

Most Web sites won't distribute or otherwise abuse this information, but some do.

 Ditto your browser.

Browsers also keep a record of the Web sites you visit. (IE keeps the last 300 by default!) They use these histories to help us type URLs. We probably all agree that it's unethical to look at other people's browser histories, but I'm sure that browser histories have caused more than one kid to be grounded from the Internet. (Not to mention people being fired because of them.)

So you might not want to go anywhere you'd be embarrassed to tell your neighbor about.
Figure 1: Some Sample Cookies

Here's part of my current Netscape cookie.txt file. (If you use Internet Explorer, look for a directory/folder named cookies or a file named magic cookies on a Mac.) I changed the details to protect the innocent. (Namely, me.)

Note that Netscape knows my email address and Netscape and NSCP-Partners have shared information about me -- both know me by the same ID. And I have an ID and password for The New York Times Web site.

www.zdnet.com FALSE /zdnn/content/zdnn/0402 FALSE 899973600 ziff_study_4 0 e12.zdnet.com FALSE /clear FALSE 948684721 cgversion 1 

.netscape.com TRUE / FALSE 1609376728 
NS_REG SHA1=%8E%E5%DE%2E%DEK%0F%7F%09zs%
9Cw%87%11F%A35%C7[-]UR%5FREG%5FID=3890969%3ASWDv1[-]UR%5F
EMAIL=judygs%40uic%2Eedu .nscp-partners.com TRUE / FALSE 946328328 
NS_REG UR%5FREG%5FID=3890969:SWDv1[-]
SHA1=%d5%f6%2d%ae%f2Y%b9%d9%c61%dcjj5%fa%1dv%07u1

.nytimes.com TRUE / FALSE 949984834 PW +=1=0*6=ß 
.nytimes.com TRUE / FALSE 949984836 ID 4):%7+ß
.nytimes.com TRUE / FALSE 949984841 RDB C80200EABE00www.onsale.com FALSE / FALSE 946656000 OnsaleBidAuthorizationCookie 887133327291.13 095.901.37 

Return to  Contents

 
     
What are cookies good for?
  Normally, each visit you make to any Web site is stateless; the Web server has no way to tell whether you've ever been there before or what you did when you were there. The two-way exchange of cookies -- the server sends you a cookie, your browser accepts it and sends it back the next time you visit that site -- provides a convenient way for a Web server to recognize who you are and keep track of what you're doing.

Return Contents

 
     
What should you do about cookies?
  Automatically rejecting every cookie you're offered is not a good idea. Bluestem authentication, for example, won't work without cookies. And cookies can also make things easier for you while you're using a Web site; for example, most Web "shopping carts" run on them, as do some searches.

But cookies can also be a threat to your privacy. Check out the sample cookies in figure 1 -- my email address is in one of the Netscape cookies, and now they will get it back from me, without my knowing it, each time I visit a Netscape site. But keep in mind that I must have chosen to give my email address to them at some point; your simply accepting a cookie sent by a Web server does not give that server any personal information about you except what you've already told it yourself. (Then again, maybe I didn't; see Active Content on the Web.)

I don't think Netscape will abuse this information, but there's nothing to stop them from doing so. I also don't think I'll get into trouble for visiting Netscape from work, but I'm sure there are people working in less open environments who have regretted their visiting certain sites.

I use the "accept only cookies that get sent back to the originating server" option (available now only on Netscape 4.0). I also told my browser to "warn me before accepting a cookie." Having to say yes or no to every cookie you're offered can get old pretty fast, but it's not a bad idea to do it for a while so you can see what kinds of cookies you're getting and how often you get them. And don't be afraid to reject a cookie; most Web pages will work just fine without them. Even if they send you one after another after another, as some sites do.

Return Contents

 
     
How to Set Your Cookie Preferences
  Netscape Navigator 3: You can tell Netscape to notify you each time you're offered a cookie. From the menu bar, select Options, then Network Preferences, and click on the Protocols tab.

Netscape Navigator 4: You can choose to accept all cookies, accept only cookies that get sent back to the originating server, or disable cookies altogether, and you can also tell it to ask before accepting cookies. From the menu bar, select Edit, then Preferences…, and click on "Advanced". The cookie options are at the bottom right.

Microsoft Internet Explorer 3: You can instruct IE to notify you each time you're offered a cookie. From the menu bar, select View, then Options, and click on the Advanced tab.

Microsoft Internet Explorer 4 (and Outlook Express): You have three options: to accept all cookies, ask before accepting cookies, or disable cookies altogether. From the menu bar, select View, then Internet Options, then click on the Advanced tab. Scroll down until you see an icon that is a yellow triangle with an exclamation point in it.

Return Contents

 
     
For More Information About Cookies
  Start at Netscape's "Cookies and Privacy FAQ": http://search.netscape.com/assist/security/faqs/cookies.html
Official specifications for cookies are being worked on by the HTTP Working Group of the Internet Engineering Task Force (IETF); they're on the Web at http://portal.research.bell-labs.com/~dmk/cookie.html Comments are welcome; please send them to
Judith Grobe Sachs, judygs@uic.edu 		 
 

The ADN Connection, April/May/June 1998 Previous: ADN Free Summer Seminars Next: Picking Keywords for UIC Search

2002-7-15  connect@uic.edu
UIC Home Page Search UIC Pages Contact UIC