I've been reading a lot of tinfoil hat paranoia about browser cookies over the last few days. Enough hysteria to make it obvious that most people don't have the foggiest idea of what a cookie actually is, and what it can do (which is not that much).
So here is Cookies for Dummies. Read this, then resume your rants.
What any website programmer can do:
1) Create a cookie that is stored in your browser's cookie directory (nowhere else)
2) Store a small piece of information (that already exists) on that cookie
3) Read the information on that cookie (if it's still in your cookie directory when you return)
The cookie itself cannot create information. It is simply a place to store information. That's it. An electronic index card. A virtual post-it note. It performs no functions, cannot act on its own, and is basically useless until it is read.
Here is an example of the extremely simple ASP code that is used to create a cookie called "EvilCookie", write some (pre-existing) information on it (in this case, a color preference), and then tell EvilCookie to hang around for a year before committing suicide.
Response.Cookies ("EvilCookie")("MyFavoriteColor") = "purple"
Response.Cookies ("EvilCookie").Expires = Date + 365
To read the information on that cookie, you would use this code:
FaveCookieColor = Request.Cookies ("EvilCookie")("MyFavoriteColor")
The variable "FaveCookieColor" is now equal to "purple."
The most common purpose of a cookie is to trigger some dynamic changes on a website based on whether you are a new visitor to the site ("Welcome, stranger.") or a return visitor ("Hey, Shirley. Welcome back!"). The cookie itself can't figure out your name unless you have provided it by filling out a form on the site. It can store information about what pages you have visited on the site, but ONLY if there is some other kind of software on the site which has tracked your movements.
Again, cookies don't DO anything other than store information that someone has gathered and written to the cookie. But not just anyone. If you check your cookies directory, you'll see that all cookies are stamped with a unique domain name. Cookies are associated with a certain domain name. Cookies set by one domain name cannot be read by another. So once you leave a web site, the cookie is useless until (or if) you return to that same web site.
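The store-and-read-back cycle and the per-domain separation described above, sketched in Python as an added example (it is not part of the original post). The host names, the fixed clock and the CookieJar class are made up for illustration, the color is stored as a plain cookie value rather than an ASP keyed value, and the jar matches on the exact host name, whereas real browsers also apply the Domain and Path attributes.

```python
from datetime import datetime, timedelta, timezone
from email.utils import format_datetime, parsedate_to_datetime
from http.cookies import SimpleCookie


def build_set_cookie(name, value, expires):
    """Server side: the Set-Cookie header a response would carry."""
    return f"{name}={value}; expires={format_datetime(expires, usegmt=True)}; path=/"


class CookieJar:
    """Browser side (simplified, hypothetical): one bucket of cookies per setting host."""

    def __init__(self):
        self._store = {}  # host -> {cookie name: (value, expiry or None)}

    def receive(self, host, set_cookie_header):
        """File a Set-Cookie header under the host that sent it."""
        parsed = SimpleCookie()
        parsed.load(set_cookie_header)
        for name, morsel in parsed.items():
            raw = morsel["expires"]
            expires = parsedate_to_datetime(raw) if raw else None
            self._store.setdefault(host, {})[name] = (morsel.value, expires)

    def cookie_header(self, host, now):
        """Cookie header for a request to `host`: only its own, unexpired cookies."""
        bucket = self._store.get(host, {})
        live = [f"{n}={v}" for n, (v, exp) in bucket.items()
                if exp is None or exp > now]
        return "; ".join(live)


def demo():
    # Constructed sample: host names and the fixed clock are made up.
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
    jar = CookieJar()
    jar.receive("shop.example",
                build_set_cookie("EvilCookie", "purple", t0 + timedelta(days=365)))
    return {
        "return visit": jar.cookie_header("shop.example", t0 + timedelta(days=30)),
        "other site": jar.cookie_header("other.example", t0 + timedelta(days=30)),
        "after expiry": jar.cookie_header("shop.example", t0 + timedelta(days=366)),
    }


if __name__ == "__main__":
    for label, header in demo().items():
        print(f"{label:>12}: {header!r}")
```

Only the request back to the site that set the cookie carries it, and nothing is sent once the expiry date has passed.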
Now, if you're still freaked out by the thought of a perfidious NSA cookie on your computer, just disable cookies in your browser options. Poof! The cookie can't be accessed at all.