COOKIES nice to eat but what are they?

By:  Bleddyn Williams
Title:  AS/400 Internet Specialist
Date:  01/07/1999 - 07:31 PM (UCT)

The following is an article from Jonathan Eaton

You won't normally see them when you're connected to the Internet and happily surfing away - but they will slip unnoticed into files on your hard disk, and your Web browser will probably never warn you of what's going on. Just what are these silent invaders - stealthy computer viruses, or simply bits of cyberspace refuse? "They" are in fact small textual messages called "cookies", sent by Web servers to browsers in response to a request for an HTML document, and, because browsers are by default configured to accept cookies automatically, few Internet users will ever notice them. This article will examine the purposes behind the use of cookies, explain why they have become necessary, and show how they can help (as well as possibly complicate) our use of the Web.

Browsers that support cookies accept a string of ASCII characters from a Web server and store the "cookie" in a file on the user's computer. Cookies thus save information relating to the user's interaction with the originating Web server, typically associating its URL with some related value or identifier. Subsequent requests for the same URL cause the cookie data to be sent to the remote server with which it was associated. A Web server's use of cookies, however, is not mandatory but instead is entirely the choice of its designer or manager. Cookies were introduced to overcome one of the basic characteristics (some would say "weaknesses") of the Web: there is no inherent connection continuity or "state" between a Web server and the client browser.

This contrasts with the older style of computing that creates a "session" between a terminal and a remote computer (like "Classic" character-based Dialog or DataStar online services, for example). The session generates a history of commands, their associated output, and preferences that can be reviewed and re-run, and lasts until the user ends it. If you've ever wondered why many Web-based search services force you to resubmit your entire search each time you want to modify only part of it, then here's the main reason - "statelessness". Here's a (slightly truncated) cookie entry set by the BBC's site at as recorded by Internet Explorer 4:

BEEB_ID 10002983131827324596

Not very enlightening, is it? The main point to note is the presence of a unique identification code associated with the Web address - which might, for example, be used as an index key to a user's registration details held on the server.

Imagine you have entered a Web-based online service, such as a bookshop, that works on the basis of adding items to an electronic "basket". As in a real shop, you put items for purchase in the basket and finally take them to the till for payment. To make this work, the server your browser interacts with must track your movements and record your selections, since you will typically need to request several different HTML pages during your shopping trip. In this case, one or more cookies will be set to store the data; when you fill in your credit card details to pay, all your selections are thus passed to the server. This use of cookies to provide a transaction or command log is not confined to electronic commerce. Web sites that offer searchable databases may use cookies to record the user's preferences and options, such as the wish to restrict searching to the past three years every time the database is accessed, for example. Or, in a bulletin-board system, a cookie will record you have "read all messages", so on the next visit you see only new mail.

How can you tell if a Web site is setting cookies? Most browsers have options to control handling of cookies; these include acceptance without warning, warning before acceptance, or unconditional rejection. In Internet Explorer 4, select Internet Options from the View menu. Click the "Advanced" tab and scroll down to the Section headed "Security". The sub-section "Cookies" lists the options. In Netscape Communicator 4, choose Preferences from the Edit Menu, then Click on the "Advanced" option. Two cautionary notes: if you choose to reject all cookies, then some Web services will warn you that they will not function; if you opt to accept but notify each time one is set, then you will very quickly tire of clicking "OK" and your productivity will slump! For some Web sites wish to set up to thirty cookies when asked for their home pages; others may only require three.

Cookies can have other uses besides helping manage the problems associated with the need to provide a customised interface and content delivery. Many Web sites that offer some form of proprietary content require an initial registration procedure, involving sending some basic personal details to the desired service via a Web form. In some cases this involves the user having to choose their own username and password, or use one the provider has supplied. Cookies may be used to record a successful login attempt and often to support the option to "remember" who you are, thus suppressing the normal login prompt the next time you return to the site. Good practice here on the part of the site designer is to encrypt the user id and password entry stored in the cookie file to secure it from prying eyes.

Cookies have their problems, however. Since they are linked to the browser on the PC that accepted them, cookies cannot travel seamlessly with you as you move between computers in different locations. If someone else uses your PC to access a registration - protected site, they will become "you" if cookies are used for access control. If your cookies files become corrupted or are lost, then with them may disappear some of your personal Web service preferences and access rights. They contain mysterious data values relevant only to those responsible for creating them. For some Web users, cookies represent a sinister potential loss of control and possibly of anonymity - you can't tell precisely what purpose they serve, or whether their contents may be passed to another party. But until somebody invents something better, the cookie will remain with us as an invisible accompaniment to our Web explorations.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Jonathan Eaton is Electronic Resources Manager at London Business
School Library, responsible for a wide range of networked services,
including bibliographic, full-text, historical and real-time financial databases. He has previously worked as an information broker for HERTIS Information & Research and for London Business School's Information Service. He is a member of the project team for the eLib Hybrid Libraries Phase III-funded Project HeadLine; speaks frequently on electronic information resources management issues, and also writes regular columns for "Managing Information" and "Information World Review".

Return to the Home Page

© Copyright 1998, 1999 by IGNITe/400sm
This page last updated on: Sun Jun 27 20:55:29 1999