B

Cookies

The following information about cookies came from a link on the cookiescentral.com web site and from Internet Explorer 5.0 Help.

What are cookies?

A "cookie" is a small piece of information sent by a web server to store on a web browser so it can later be read back from that browser. This is useful for having the browser remember some specific information.

What are they used for?

An example is when a browser stores your passwords and user IDs. They are also used to store preferences of start pages. Both Microsoft and Netscape use cookies to create personal start pages. Other common uses for cookies are listed below:

Online Ordering Systems.

An online ordering system could be developed using cookies that would remember what a person wants to buy. This way if a person spends three hours ordering CDs at your site and suddenly has to get off the net they could quit the browser and return weeks or even years later and still have those items in their shopping basket.

Site Personalization.

This is one of the most beneficial uses. Let's say a person comes to the MSNBC site but doesn't want to see any sports news. The site allows people to select this as an option; from then on (until the cookie expires) they wouldn't see sports news. This is also useful for start pages.

Website Tracking.

Here is a hot button! A lot of people think it is an invasion of privacy if a web site designer wanted to see what interests them. Site tracking can show you "Dead End Paths," places in your website that people go to and then wander off because they don't have any more interesting links to hit. It can also give you more accurate counts of how many people have been to pages on your site. You could differentiate 50 unique people seeing your site from one person hitting the reload button 50 times.

Targeted Marketing.

This is probably one of the main uses of cookies. Cookies can be used to build up a profile of where you go and what adverts you click on. This information is then used to target adverts at you which they think are of interest. Companies also use cookies to store which adverts have been displayed so the same advert does not get displayed twice.

How Do They Work

A command line in the HTML of a document tells the browser to set a cookie of a certain name or value. Here is an example of some script used to set a cookie.

Set-Cookie: NAME=VALUE; expires=DATE; path=PATH; domain=DOMAIN_NAME; secure

Cookies are usually run from CGI scripts, but they can also be set or read by JavaScript.

Security?

An HTTP cookie cannot be used to get data from your hard drive, get your email address or steal sensitive information about your person. Early implementations of Java and JavaScript could allow people to do this, but for the most part these security leaks have been plugged. An HTTP cookie can, however, be used to track where you travel over a particular site. This site tracking can easily be done without using cookies as well; using cookies just makes the tracking data a little more consistent. If you want to disallow cookies you can do so with version 3.0 or greater of Netscape or MS Explorer.

An example of a cookie which has been set on your computer

The value of a cookie remains unknown because the value name and variable are only known by the server which set it, so it is impossible for someone to steal a cookie from the information stored below or from a CGI script, but it is possible to steal a cookie from JavaScript.

Here is an example of a typical cookie found in the Windows\Cookies directory, which is usually where they are found if using Internet Explorer 3. The cookie file looks like this: <user ID>@<domain.com>. This cookie is from the famous doubleclick.net; the only information you can get off here is the identity, usually the first couple of lines. Some cookies have a title and the domain name; the other numbers are the values and variables, usually 4 lines. These cannot provide any information unless you know the script which set the cookie. This is one of the main reasons why cookies are disliked: their functions are unknown. The contents of cookies can also be encrypted.

Even though all this preference information is stored in the same file on your hard drive, the site that created them can only access individual cookies. Some sites save your preference right on the cookie; some assign users ID numbers or encoded passwords and keep your preferences at their site; others use temporary cookies, which are deleted as you exit your browser.

Stopping Cookies In Internet Explorer 5.0

Internet Explorer 5.0 no longer stores cookies in a single file. Each cookie is a separate file in the c:\windows\cookies directory. This makes it harder to stop cookies. However, if you want to stop individual cookies, you can corrupt the cookie by deleting the contents, then saving the file and setting its attributes to read-only. This means that when you log onto a site which has set that cookie, it cannot read any information off your cookie or give you a new one. As in Netscape, you can set IE to alert you before accepting a cookie. To do this go to the View menu | Internet Options | security tab | custom level button | allow cookies (disable, enable or prompt).

Deleting Cookies In Internet Explorer 5.0

You can delete cookies from the c:\windows\cookies directory. While you’re at it you might consider deleting your temporary Internet files from c:\windows\temporary Internet files directory.

 

Frequently Asked Questions

Can cookies be used to get a "snap shot" of my hard drive? Is this done, and how?

Cookies cannot be used to get data or view data off your hard drive. Early JavaScript implementations could allegedly do this. This problem has been plugged along with more serious Java exploits, and no longer poses any threat. A server can only get data from the cookie it wrote to the cookie file. The server must be on the same domain from which the cookie was set.

Can someone from one site access the cookie information written by another site?

A site can only access a cookie that has been set from its own domain. It cannot access any other cookies from your computer. Sites could once access other sites' cookies, but again this problem was plugged a long time ago.
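The Set-Cookie syntax shown under "How Do They Work" and the same-domain rule in the two answers above can be modelled in a few lines. The following JavaScript is an added example, not code from the original sources: it parses a Set-Cookie line (which the server sends as an HTTP response header) and decides whether a browser would send the cookie back for a given URL. The function names are assumptions, and checks that real browsers add on top (such as refusing domain=com) are left out.

```javascript
// Added example; parseSetCookie and shouldSend are hypothetical helper names.
function domainMatches(host, cookie) {
  host = host.toLowerCase();
  // A domain= cookie also goes to subdomains; a host-only cookie does not.
  return host === cookie.domain || (!cookie.hostOnly && host.endsWith("." + cookie.domain));
}

function pathMatches(reqPath, cookiePath) {
  if (reqPath === cookiePath) return true;
  if (!reqPath.startsWith(cookiePath)) return false;
  // "/shop" covers "/shop/cart" but not "/shopping".
  return cookiePath.endsWith("/") || reqPath[cookiePath.length] === "/";
}

// Parse "NAME=VALUE; expires=DATE; path=PATH; domain=DOMAIN_NAME; secure" sent by requestHost.
function parseSetCookie(header, requestHost) {
  const line = header.replace(/^Set-Cookie:\s*/i, "");
  const [pair, ...attrs] = line.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  if (eq < 1) return null; // no NAME=VALUE pair
  const cookie = {
    name: pair.slice(0, eq), value: pair.slice(eq + 1),
    domain: requestHost.toLowerCase(), hostOnly: true,
    path: "/", secure: false,
    expires: null, // null = temporary cookie, gone when the browser exits
  };
  for (const attr of attrs) {
    const i = attr.indexOf("=");
    const key = (i < 0 ? attr : attr.slice(0, i)).trim().toLowerCase();
    const val = i < 0 ? "" : attr.slice(i + 1).trim();
    if (key === "secure") cookie.secure = true;
    else if (key === "path" && val.startsWith("/")) cookie.path = val;
    else if (key === "expires" && !isNaN(new Date(val))) cookie.expires = new Date(val);
    else if (key === "domain" && val) {
      cookie.domain = val.replace(/^\./, "").toLowerCase();
      cookie.hostOnly = false;
    }
  }
  // A server may only set cookies for its own domain; anything else is dropped.
  return domainMatches(requestHost, cookie) ? cookie : null;
}

// Decide whether the browser would attach the cookie to a request for url.
function shouldSend(cookie, url, now = new Date()) {
  const u = new URL(url);
  if (cookie.expires && cookie.expires <= now) return false;
  if (cookie.secure && u.protocol !== "https:") return false;
  return domainMatches(u.hostname, cookie) && pathMatches(u.pathname, cookie.path);
}
```

A cookie set without a domain attribute is returned only to the exact host that set it, which is why the parser records hostOnly separately from the domain.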

Is there a way to see the cookies that a web site has set?

Cookies are stored in memory until you exit your browser, so it's not possible to see the current cookies you've accepted in the cookies.txt file until you quit. If you type JavaScript:alert(document.cookie); into the address bar, when you are logged onto a site, it is possible to see the cookies which have been set from that domain. For example, if you log onto the Doubleclick site and type the above command, you should see your user id for the Doubleclick network.

Are there other means of tracking web surfers than cookies?

There are many ways in which you are traced on the web. Cookies are seen more like a personal tag. Some people see them as the most invasive of privacy. They are the only tracking device that we can control. Every time you log on to a web site you give away a lot of information:

Service provider.

Operating System.

Browser type.

Screen resolution and amount of colors. (only in IE)

CPU type.

Your service provider's server (an087.du.pipex.com for dial pipex, but this changes every time you log on).

Your IP address (again, this changes)

What server you were on last

I set my browser to alert me before accepting cookies. In the dialog box in which the cookie offer is made, there is always the implicit threat that if you do not take the offer, you will not be able to enjoy the site you are visiting as well as you anticipate? 

While not accepting a cookie will probably not reduce the experience of the site, obviously if you go into an online shop and reject a cookie you cannot shop properly. It is possible for a site to not operate properly if cookies are not accepted. I do not know how many fall into this category right now. Netscape first developed cookies, which are now implemented by the RFC, so they want cookies to be used. The message box is just telling you that the site you are entering may not function properly if you do not accept the cookie. Most sites work fine if you decline a cookie. It is your decision whether to accept cookies or not. Most people do not set their browser to warn them before accepting cookies because it becomes really annoying when a site wants to set 10 cookies. It would be quite easy for Netscape or Microsoft to decline cookies automatically but this may render them useless. I work on the theory that there is less harm declining them than accepting them; this works for me. Please note the current version of Netscape Communicator and the betas have options to automatically reject cookies.

What Use Is The Information We Reveal To Web Sites?

System administrators can use the information that people reveal to each Web site they visit to build extensive personal profiles of visitors. By automatically placing a cookie on visitors' Web browsers, servers register data on the cookie. This allows administrators to view the history of sites users have last visited before they enter that site, the advertisements they have viewed and the online transactions they have conducted. Again, sites can only access cookies from their own domain. While cookies can be useful in some situations (for example, in saving a user's password to a particular site), some people consider this an invasion of privacy. Remember, a web site only knows the data that you have entered.

Why Do Some People Dislike Cookies?

Cookies are sometimes disliked because they can set and perform functions without the user knowing. But couldn't one view computers in general as setting and performing functions without the user knowing? My machine swaps programs in and out every few seconds without telling me about it. Some people do not like a file that may contain a cookie with information about where they have been, and what they do, if they can stop it. This type of information is invaluable to some companies. Cookies are usually used for simple things, like storing your specification of your start page, or your user IDs and/or passwords, but like most things they may be manipulated to do bad things. Cookies can be used to track you on the net: what sites you go to, what you like and so on. This is not the only way you're tracked by big brother on the net; for instance, when you submit an auto search in Internet Explorer it's routed through Microsoft servers. Cookies were originally designed to maintain state in the stateless environment of HTTP, which made it possible to store page settings or user IDs. A cookie can contain any data that an administrator wants.

What you need to know about cookies

(From IE 5.0 HELP)

Some Web sites store information in a small text file, called a "cookie," on your hard disk. Cookies contain information about you and your preferences. For example, if you inquire about a flight schedule at an airline's Web site, the site might create a cookie that contains your itinerary. Or it might only contain a record of which pages within the site you visited, to help the site customize the view for you the next time you visit.

Only the information that you provide, or the choices you make while visiting a Web site, can be stored in a cookie. For example, the site cannot determine your e-mail name unless you choose to type it. Allowing a Web site to create a cookie does not give that or any other site access to the rest of your computer, and only the site that created the cookie can read it.

Internet Explorer is set up to allow the creation of cookies; however, you can specify that you be prompted before a site puts a cookie on your hard disk, so you can choose to allow or disallow the cookie; or you can prevent Internet Explorer from accepting any cookies.

You can specify different settings for different security zones. For example, you might want to allow Web sites to create cookies if they are in your Trusted sites or Local intranet zone, prompt you before creating cookies if they are in your Internet zone, and never allow cookies if they are in your Restricted sites zone.