TUCOWS ARTICLE

Understanding and Managing Cookies On the Web

If you've spent much time on the web, you've probably encountered a web site that tells you "You must have cookies enabled to use this site." If you've been confused by this seeming non sequitur, you're not alone--"cookie" is one of the oddest bits of jargon you're likely to encounter on the web. In this article I'll tell you what cookies on the web really are and what you need to know about them.
Published: Dec 6, 2007
Author: Jordan Running
Related OS: XP / Vista
Categories:
Spyware cleaners
Software that can help Good for Cow Rating
PC Tools Spyware Doctor 2011 Build 9
Demo
Download This is an adware and spyware removal utility that detects and cleans thousands of...

Note: By necessity this article contains a lot of technical terms. Where possible, I link to each term's entry in my article Understanding Internet Jargon.

What is a cookie?

Tetris cookies by mache
Tetris cookies by mache
When you view a web page, the web server which sends it to you can store a small parcel of text on your computer, which will be sent back to the server each time you request the same or another page from the same web site. This bit of text is called an HTTP cookie, web cookie, or, most commonly, just cookie. In addition to the text data, a cookie can have an expiration date, at which time it will automatically be deleted--if it doesn't have an expiration date, it will be deleted when you exit your web browser.

The maximum amount of data that can be stored in one cookie is four kilobytes in most browsers, the equivalent of about two pages of typewritten text. (By comparison, a standard 3.5" floppy disk can hold 1,440 kilobytes of data, and a typical three-minute MP3 song takes about twice that.), but most cookies use a fraction of that space. The number of cookies a browser will store for a single web site (domain name, to be more specific) varies from browser to browser, but most will allow 30 or more.

How do cookies work?

To understand how cookies work, you first must understand a bit about how the HTTP protocol works. Here are the basics: When you enter an address in your browser's address bar or click on a link a page loads an image, video, or other file, what your browser is really doing is sending an HTTP request to a web server. When the server receives your request, it loads or generates the requested web page, image, video, etc. and sends it--in the form of an HTTP response--to your web browser, which then displays it for you.

Both requests and responses can include extra information like browser type, date and time, and so on in the form of "headers" which are used by your computer and the server, but not displayed on your screen. When a server sends a response to your web browser, one of the headers it can include is a "Set-Cookie" header, which gives the browser text data and an expiration date to store in a cookie. Then, the next time you send another request to the same server, that cookie--assuming it hasn't expired--will be sent back, unchanged, to the server along with the request.

What are cookies for?

Now that you know how cookies work, you might be wondering what they're good for--what use is it for a web server to store tiny bits of data on your computer? Well, mainly web sites use cookies to remember information about you and and how you use them. For example, when you view an item on Amazon, Amazon stores a cookie on your computer, and when you return to Amazon's front page, your browser sends the cookie back, and Amazon uses it to give you quick access to the item you looked at before, or show you related items. A weather web site could use a cookie to remember your ZIP code so you don't have to enter it every time you visit. In most cases if you log in to a web site and the site is able to "remember" you the next time you come back, it does so using cookies. In many cases web sites don't store the actual information in cookies--that could be a security risk--but rather the information is stored in a database on the web server, and a unique but meaningless value associated with the database record is stored in a cookie on your computer.

Are cookies dangerous?

In a word: No. Cookies are not anything like viruses or spyware, despite popular misconceptions, and they can't harm your computer or your files. Your web browser will only send a cookie to the same web server that created it, and web servers have no way to retrieve information from your computer other than the cookies it created.

On the other hand, there are some privacy issues to be aware of with cookies. While your web browser will only send cookie data to the same web server that sent it to you, cookies nevertheless can be used, in some cases, to track your activities across multiple web sites. Here's how: A web page can include images, scripts, and other data, that is actually hosted on other web servers. For example, you can display a video from YouTube on your own blog. This is a good thing. The flip side is that when multiple web sites use, for example, the same ad network, because the advertisements are all sent from the same web server or servers (the ad network's), the ad network knows which of the sites you have visited. You are still anonymous to the ad network--it cannot find out your real name or your credit card numbers, for example--but it can use the information it has learned about your browsing habits to display ads targeted to your interests when you visit those sites. Some people consider behavior like this to be a violation of their privacy. In the next section I'll give you some tips for dealing with these kinds of cookies.

How do I manage cookies in my web browser?

Every web browser has some built-in functionality to view and manage cookies. I'll step you through finding and using those tools in Mozilla Firefox and Internet Explorer below. For other browsers, check their help documentation.

Internet Explorer

In Internet Explorer, you can manage your cookies by clicking on the Tools menu, choosing Internet Options. If you want to turn cookies on or off, click on the Privacy tab and then the Advanced button. If you check the "Override automatic cookie handling" checkbox, you can select "Block" to never allow cookies (which I don't recommend, as it will severely limit your use of some web sites) or "Prompt" to be prompted every time a web site tries to set a cookie (this will get annoying very quickly). In this dialog, "First-party cookies" refers to cookies set by the server that hosts the page you're looking at, and "Third-party cookies" refers to cookies set by other servers whose images, etc. are included on the page you're viewing, such as in the ad network scenario I mentioned above. "Always allows session cookies" refers to those cookies that are automatically deleted when you exit Internet Explorer.

If you want to manage the cookies that have already been set in Internet Explorer, go to the General tab in Internet Options. If you want to delete all of the cookies that are currently being stored, click on Delete Cookies... under Temporary Internet Files in Internet Explorer 6, or, in IE7, the Delete button under Browsing History followed by Delete Cookies. If you'd rather see all of the cookies and delete them individually, click on Settings under Temporary Internet Files (for IE6) or Browsing History (for IE7) and then click on View Files. This will take you to Internet Explorer's cache, where cookie files have names that start with "Cookie:". Each cookie will show an address, and if you open the file in Notepad you can see its contents, although it's unlikely to be intelligible. To delete a cookie, just select it and press delete.

Mozilla Firefox

To manage your cookies in Firefox, click on the Tools menu and choose Options... Then click on the Privacy tab. There, if you never want to accept cookies, you can uncheck the "Accept cookies from sites" box. Again, this will severely limit your use of some sites. If you want, you can click on Exceptions... to specify sites from which you never, or always, wish to accept cookies from. If you click on the Show Cookies... button, you can see all of the sites which have stored cookies on your computer, and complete data about each cookie, and you can manually delete any you want to get rid of. If you'd rather get rid of all of your cookies at once, click on Clear Now... under Private Data on the Privacy tab, and check to Cookies checkbox and uncheck all the others before clicking on Clear Private Data Now.

If you want even easier access to cookies in Firefox, I highly recommend the View Cookies add-on. It places a new tab on the Page Info dialog, allowing you to see all of the cookies for the site you're currently looking at with just a few clicks.

External tools

There are a lot of third-party tools out there that are designed to make managing your cookies easier. Many of them can be found right here on Tucows. If you're just worried about those tracking cookies that have the potential to violate your privacy, you'll find that most good anti-spyware programs will detect and optionally delete the worst of them. You can download a free trial of Spyware Doctor here at Tucows, or learn about some good, 100% free solutions in my article Protect Your PC For Free.


About Jordan Running

Blogger since 1999, Jordan Running went pro in 2005 and never looked back. Sometimes programmer, occasional photographer, and serial tinkerer, he decided to to switch to Linux in 2001 but just hasn't quite gotten around to it yet.

Digg This
Please login to add your comment
Leave A Comment
Name: