COOKIES nice to eat but what are they?
By: Bleddyn Williams
Title: AS/400 Internet Specialist
Date: 01/07/1999 - 07:31 PM (UCT)
The following is an article from Jonathan Eaton
This contrasts with the older style of computing that creates a "session" between a terminal and a remote computer (like "Classic" character-based Dialog or DataStar online services, for example). The session generates a history of commands, their associated output, and preferences that can be reviewed and re-run, and lasts until the user ends it. If you've ever wondered why many Web-based search services force you to resubmit your entire search each time you want to modify only part of it, then here's the main reason - "statelessness". Here's a (slightly truncated) cookie entry set by the BBC's site at http://www.beeb.com/ as recorded by Internet Explorer 4:
BEEB_ID 10002983131827324596 beeb.com/02654980480
Not very enlightening, is it? The main point to note is the presence of a unique identification code associated with the Web address - which might, for example, be used as an index key to a user's registration details held on the server.
How can you tell if a Web site is setting cookies? Most browsers have options to control handling of cookies; these include acceptance without warning, warning before acceptance, or unconditional rejection. In Internet Explorer 4, select Internet Options from the View menu. Click the "Advanced" tab and scroll down to the Section headed "Security". The sub-section "Cookies" lists the options. In Netscape Communicator 4, choose Preferences from the Edit Menu, then Click on the "Advanced" option. Two cautionary notes: if you choose to reject all cookies, then some Web services will warn you that they will not function; if you opt to accept but notify each time one is set, then you will very quickly tire of clicking "OK" and your productivity will slump! For some Web sites wish to set up to thirty cookies when asked for their home pages; others may only require three.
Cookies can have other uses besides helping manage the problems associated with the need to provide a customised interface and content delivery. Many Web sites that offer some form of proprietary content require an initial registration procedure, involving sending some basic personal details to the desired service via a Web form. In some cases this involves the user having to choose their own username and password, or use one the provider has supplied. Cookies may be used to record a successful login attempt and often to support the option to "remember" who you are, thus suppressing the normal login prompt the next time you return to the site. Good practice here on the part of the site designer is to encrypt the user id and password entry stored in the cookie file to secure it from prying eyes.
Cookies have their problems, however. Since they are linked to the browser on the PC that accepted them, cookies cannot travel seamlessly with you as you move between computers in different locations. If someone else uses your PC to access a registration - protected site, they will become "you" if cookies are used for access control. If your cookies files become corrupted or are lost, then with them may disappear some of your personal Web service preferences and access rights. They contain mysterious data values relevant only to those responsible for creating them. For some Web users, cookies represent a sinister potential loss of control and possibly of anonymity - you can't tell precisely what purpose they serve, or whether their contents may be passed to another party. But until somebody invents something better, the cookie will remain with us as an invisible accompaniment to our Web explorations.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Jonathan Eaton is Electronic Resources Manager at London Business
School Library, responsible for a wide range of networked services,
including bibliographic, full-text, historical and real-time financial databases. He has previously worked as an information broker for HERTIS Information & Research and for London Business School's Information Service. He is a member of the project team for the eLib Hybrid Libraries Phase III-funded Project HeadLine; speaks frequently on electronic information resources management issues, and also writes regular columns for "Managing Information" and "Information World Review".