Viewable With ANY Browser

Note: My Web pages are best viewed with style sheets enabled.

Unrated

About Those Cookies …

Copyright © 1999-2001, 2003, 2008-2010, 2018 by David E. Ross

Notice:

None of my Web pages set or use cookies. However, these pages do contain links to Web sites beyond my control, many of which do set and use cookies.


What Are Cookies?

How Are They Used?

Why Is Anyone Concerned?

But What Can You Do About Cookies?

A Browser Solution

Other Cookies

More Information


What Are Cookies?

A cookie is a small package of data describing your Web-surfing activities. When you request a Web page, you send a message to the page's Web server. The server returns the files needed by your browser client to display the page. Before those files are sent, however, the server sends some header messages describing those files. Those messages might include one or more cookies, each of which contains the following data:

The cookie

   .yahoo.com   TRUE   /  FALSE  1273769119   PL  V=1.1&d=JcW2MLFRMre
is interpreted as follows:
FieldExampleExplanation
domain.yahoo.comBecause the specified domain begins with a period, the cookie applies to all domains with any prefix and this ending (e.g., www.yahoo.com, news.yahoo.com, finance.yahoo.com).
flagTRUEAll cookies with domains beginning with a period have TRUE, and all cookies with complete domain specifications (not beginning with a period) have FALSE. This aids in interpreting the domain.
path  / Here, the virgule (/) indicates that the cookie applies to all files in the domain. If the path were /working, then the cookie would apply only to Web pages in the directory named working. If the path were /internet/cookies.html, then the cookie would apply only to the Web page in that specific file.
secureFALSEThe cookie may be used with unsecured Web pages. TRUE would restrict the cookie to only secure pages.
expiration1273769119The cookie expired on 13 May 2010 (1273769119 seconds from 1 January 1970 00:00:00 UTC).
namePLThe name of this cookie.
valueV=1.1&d=JcW2MLFRMreThe value associated with PL. Note that this cookie has two subvalues, each with its own name: The name V has the value 1.1, and the name d has the value JcW2MLFRMre.

Notice that a cookie does not contain any executable software, just data. The next time you request a Web page for which you already have a cookie, the IDs and their associated values are included in the request message you send to the page's Web server. Thus, the Web server can track your accesses to specific Web pages.

Although a Web page can only set a cookie for its own domain, a Web page can cause cookies to be set for other domains. If a page requests images or other files from other domains, the Web servers for those domains can then set cookies. Thus, visiting a news site that displays advertisements from other sites can set cookies for a number of different domains. Actually, a Web page might contain a microscopic or invisible graphic from another domain specifically for the purpose of setting cookies for that other domain.

While many cookies are written into your cookies file on your computer's hard drive, some cookies are intended for memory only. These session-only cookies are erased when you exit your Web browser application.

How Are They Used?

In general, a cookie tracks your request for a Web page and what you do as a result of browsing that page.

I am quite sure you can see other uses for cookies. On the other hand, there are a number of things a cookie cannot do.

Why Is Anyone Concerned?

You might not be concerned if a supermarket, gas station, public library, or drug store records how many times you enter their facility. But would you be concerned about someone keeping track of how many times you went into a liquor store? If you are a man, would you want someone else to have a record not only of how many times you went into a drug store but also of how many times you bought an ointment for "jock itch" or condoms (and what brands)? If you are a woman, would you want a record of what brand of pregnancy test you bought for cash, especially when your husband had a vasectomy five years ago?

Using cookies to identify you, Web sites can indeed maintain such records. With Internet connections using dynamic IP addresses (e.g., dial-up, some broadband), they might not be able to correlate their records with your actual identity, but they can identify the ISP and even the POP through which you connected to the Internet. With connections using static IP addresses (e.g., some broadband, T1), your actual identity can be determined. Even with a connection using dynamic IP addresses, if you input any identifying information on a Web form, that information can easily be tied to a cookie. Thus, the owner of a Web site can accumulate a profile about your Web-surfing activities and even connect that profile to an actual person — YOU. This is an issue of privacy and controlling information about how you live your own life.

Most important and despite what a cookie cannot do, some cookies can support the operation of malware. The anti-virus application that I use occasionally detects such cookies, which I promptly delete.

But What Can You Do About Cookies?

First of all, do not set your Web browser to reject or disable cookies. As described above, some memory-only cookies are needed to navigate through complicated Web pages or to use secure Web pages. Often, Web pages that write cookies will not load if you reject cookies. Also, do not set your Web browser to warn you about cookies. You will soon become very annoyed at having to respond to each cookie.

*** Begin Right Sidebar ***

Originally, cookies would be in plain text and found in a file named cookies.txt. However, Gecko-based browsers (e.g., Firefox, SeaMonkey) now save cookies in an SQLite database with the file name cookies.sqlite.

*** End Right Sidebar ***

My solution to this problem involved editing my cookies so that only those remained that I absolutely must have. I then made a back-up of the cookies. Before I start my browser, I copy the back-up over the cookies file, thus eliminating any cookies that I accumulated from the prior browser session. This makes all new, unwanted cookies memory-only. While I could refresh my cookies manually, I created a simple script to do this.

It is important to recognize that memory-only cookies persist until your terminate your browser. Thus, if you visit a Web site and enter data on a form, you might want to terminate your browser after you leave that site, thereby limiting the accumulation of data from memory-only cookies.

This should prove effective in defeating even DoubleClick's tracking of who views its advertisements across unrelated Web sites.

But what about the cookies that you want? You do get stock quotes from YeeHaw and you frequently request technical help from various software developers. I handle this situation as follows:

The next time I start my browser, I refresh my cookies from the new back-up. When I them request that Web site, the new cookies will be sent with the request. I have to remember that cookies do have expiration dates, although some expire only after many years. Thus, I might have to renew certain cookies and again create a new back-up.

A Browser Solution

Newer browsers contain cookie managers. I use SeaMonkey, whose cookie manager has the following features:

These features are generally found in Gecko-based browsers.

Other Cookies

Be aware that software other than Web browsers might set cookies, too. For example, RealPlayer sets cookies according to the streaming broadcasts you receive and the advertisements those broadcasts contain. It uses a cookies.txt file that is located in its own directory. While RealPlayer does have an option to suppress the use of cookies, I also set the file to read-only to prevent any cookies from being inserted into the file.

Windows 7 sets cookies in various subfolders of C:\Users. The Cookies subfolders themselves are generally marked as hidden system files. Windows XP sets cookies; and there is reason to believe that other versions of Windows — including Windows  10 — do so, too.

Other software may also establish cookies files. As with Gecko-based browsers, the files might not even be named cookies.txt. In some cases, it appears that the files are related to "live update" capabilities that automatically download and install upgrades to the software setting the cookies. (Both for security reasons and also because I want to maintain a log of all updates, I always disable automatic updates.)

More Information

More information about cookies — including technical details about their structure — is available from the following links:

Information about other links is always welcome.

Last updated 4 August 2018


Valid HTML 4.01